Sybase patches up its differences with a security research firm that found flaws in its database.
How to get business enough to fund those important-but-unglamorous IT projects. By Steve Ulfelder
Feds Force Tighter Oversight of Outsourcers

Regulations push banks to centralize control, trim vendors

BY LUCAS MEARIAN

MEMPHIS

IT executives from several banks last week said government directives such as the Sarbanes-Oxley Act are driving improvements in the internal management of outsourcing deals — but at a cost.

For example, the regulations are forcing companies to spend significant time and money to ensure that their outsourcers comply with the laws. As a result, some users said they face pressure to centralize outsourced projects by hiring a single large firm with the resources to meet all their requirements. That means they may have to ignore smaller outsourcing vendors that could provide an IT edge.

“My biggest concern right now is that it’s almost impossible for us to do business with small companies, especially small innovative companies that aren’t well financed,” said Patrick Ruckh, chief tech-

Outsourcing, page 57


Sunoco has outsourcing deals with 17 vendors. But that degree of "multisourcing" raises concerns about management complexity among some IT managers. PAGE 7


Health Care Lags on HIPAA Security Rules

Companies struggle to meet deadline for complying with data protection mandates

BY JAIKUMAR VIJAYAN

The data security rules mandated by the Health Insurance Portability and Accountability Act take effect next week. But a majority of health care companies are unlikely to be fully compliant with the new rules by then, according to recent surveys by two industry associations.

“There’s not been a lot of forward momentum with HIPAA’s security piece, which we find quite disconcerting,” said Joyce Sensmeier, director of informatics at the Healthcare Information and Management Systems Society in Chicago.

HIMSS, which represents more than 15,000 individual members and about 220 companies, surveyed 400 health care firms earlier this year. Only 18% of the providers and 30% of the insurers that responded to the poll said they would be compliant by the April 20 deadline.

The American Health In-

HIPAA, page 16


Freddie Mac Invests in IT to Improve Reporting

Mortgage lender spends $100M-plus on new finance apps

BY THOMAS HOFFMAN

Freddie Mac plans to spend $45 million this year, on top of the $70 million it invested in 2004, to continue development of more than 50 new systems that are intended to improve the integrity of the mortgage lender’s financial reports.

The development effort, which began in late 2003, follows an accounting scandal in which Freddie Mac understated its earnings by almost $5 billion between 2000 and 2002. Bill DeLeo, vice president of capital markets technology services at Freddie Mac, said last week that the

Freddie Mac, page 16
Strategic Security

In the Management section: Tactical fixes just aren’t good enough anymore. A growing number of security managers say it’s time to approach information security as an operational risk management issue. Page 48


Taking Defense Down to the Data

In the Technology section: An increased focus on compliance issues and concerns about data loss have led users to realize that they may need more than traditional network- and perimeter-oriented data-protection systems. Page 25


CONTENTS


NEWS

6 Federal agencies are bedeviled by a faulty HR software system created by recruiting firm Monster Worldwide.

6 Sybase withdraws its threat of legal action against a security research firm that found flaws in its database.

7 Sunoco pushes the limits of multivendor outsourcing by managing IT services deals with 17 vendors.

7 Costco uses offshore development, but the retailer is still hiring large numbers of in-house programmers.

10 Q&A: John Swainson, CA’s new CEO, explains his move to reorganize the company into five software units.

10 A data-transfer flaw results in problems with health insurance payments to GM workers and retirees.

12 SAS and Hyperion are unveiling business intelligence tools that will give nontechnical users access to corporate data.

12 SNW Preview: “Intelligent chips” are expected to make a big splash at this week’s Storage Networking World.

14 Global Dispatches: The U.S. and European Union squabble over a deadline for European travelers to carry biometric passports to enter the U.S.

14 Fujitsu introduces a pair of Itanium 2 servers that will run under Windows and Linux.


TECHNOLOGY

30 Data Warehouse Boost on a Budget. New products that increase performance for ad hoc queries while they lower costs are challenging established data warehouse vendors.

33 Q&A: Managing Expectations. IBM’s Alan Ganek discusses the present state and future of autonomic computing.

34 Future Watch: Bulletproof Storage. IBM is developing storage systems that are designed to repair themselves or be left unrepaired without jeopardizing data.

36 Security Manager’s Journal: HIPAA Compliance in 30 Days or Less. With the deadline fast approaching, C.J. Kelly decides the information security officer in charge of complying with the new federal law needs help.


MANAGEMENT

41 Ho-Hum. Keeping up your business colleagues’ enthusiasm for less-than-sexy projects calls for creativity. Here’s how some CIOs manage.

44 The Power of Analogy. Analogies are efficient strategic tools in the highly ambiguous world of IT. But beware: When used carelessly, they can lead you astray.

49 Career Watch. Who gets hurt by an economic uptick? Also, employees who blog on their own time need guidance from their companies.


OPINIONS

8 On the Mark: Mark Hall reports that with IT managers looking for more items to cut in their budgets, software vendors may have to do more to justify the maintenance fees they often treat as a lucrative annuity.

20 Don Tennant sees in Siebel’s recent fumblings a company out of touch with its own performance.

20 Michael Gartenberg foresees a problem for Microsoft when it finally releases its Longhorn operating system: Users think XP is good enough already.

21 Dan Gillmor sizes up the impact on high tech of two cases before the Supreme Court.

38 Curt A. Monash takes a look beyond vendorspeak and rethinks the formerly respectable notion of platforms.

50 Bart Perkins believes accurate IT cost accounting will help your business make the right decisions.

58 Frankly Speaking: Frank Hayes says that just because an RFID tag has space for lots of data, we shouldn’t surrender to the urge to fill it up.


DEPARTMENTS/RESOURCES

At Deadline Briefs: 6

News Briefs: 8, 12

Letters: 21, 23

IT Careers: 54

Company Index: 56

How to Contact CW: 56

Shark Tank: 58


ONLINE

WWW.COMPUTERWORLD.COM


QuickPoll Results

If security researchers discover a software flaw and feel a vendor isn't acting quickly to fix it, should they release the information publicly?
RFID: Beyond the Supply Chain

MOBILE/WIRELESS: Companies are doing more with RFID than meeting supply chain mandates. Some are using the technology in niche, ROI-generating projects that address business problems, columnist Rajit Gadh observes from a UCLA executive forum.

Time Management Tips Any IT Pro Can Use

CAREERS: Consistently putting in extra hours at work can eventually lead to lost productivity, increased stress and burnout. Robert Half Technology’s Katherine Spencer Lee offers some tips for better managing your workday so you can head home on time more often than not. QuickLink 53078


What’s a QuickLink?

Throughout each issue of Computerworld, you'll see five-digit QuickLink codes pointing to related content on our Web site. Also, at the end of each story, a QuickLink to that story online facilitates sharing it with colleagues. Just enter any of those codes into the QuickLink box, which is at the top of every page on our site.


ONLINE DEPARTMENTS

Breaking News: QuickLink a1510

Newsletter Subscriptions: QuickLink a1430

Knowledge Centers: QuickLink a2570

The Online Store: QuickLink a2420


COMPUTERWORLD April 11, 2005


NEWS 


www.computerworld.com 


Siemens Buys U.S. Software Firm

Munich-based electronics giant Siemens AG has reached an agreement to acquire Myrio Corp., a Bothell, Wash.-based developer of software for emerging IP television services that use the Internet to deliver video. Terms of the deal weren’t disclosed. The acquisition will strengthen Siemens’ portfolio of voice, data and video technologies.


Microsoft Issues Patches This Week

On Tuesday, Microsoft Corp. will issue eight security alerts with patches for Windows, Office, MSN Messenger and Exchange. Five of the security bulletins apply to Windows, and at least one of those is deemed critical. Office, MSN Messenger and Exchange will get one bulletin each, all deemed critical.


AMD Set to Unveil Dual-Core CPU

The race between Intel Corp. and Advanced Micro Devices Inc. to be first to market with dual-core processors is about to end. AMD is expected to introduce its first dual-core Opteron processors at an event in New York on April 21, according to sources. The event will also mark the second anniversary of the unveiling of the 64-bit Opteron.


VMware to Ship Software Pack

VMware Inc. today will release its Workstation 5 desktop virtualization software, which will run on Windows and Linux host operating systems. New features, coupled with memory-sharing technology used in VMware’s ESX Server, will let companies connect multiple virtual machines with configurable network segments to simulate and test multitier applications on developer desktops.


Monster Software Flaw Flaunts Fed Agencies

QuickHire glitches hinder HHS, DHS hiring efforts

BY MARC L. SONGINI

Several federal government agencies have been bedeviled over the past month by technical issues that impaired a hosted human resources software system run by recruiting and advertising giant Monster Worldwide Inc.

The problems have forced Monster developers to perform various work-arounds and the agencies to adopt temporary processes for job applicants. Monster said it will pay to fix the problems, though neither it nor the agencies would disclose the amount of that outlay or the cost of adopting the temporary measures.

The affected agencies include the Department of Health and Human Services and the Department of Homeland Security’s Customs and Border Protection, Citizenship and Immigration Services, and Immigration and Customs Enforcement units.

The hosted software system, called QuickHire, automates the processing of often complex government job applications and can quickly link candidates to the appropriate open job slot.

Unable to Handle Volume

At HHS, the system worked well for several months after it went live in October 2003, said Bob Hosenfeld, the agency’s deputy assistant secretary for human resources. However, by the time QuickHire was shut off last month, “the software was unable to handle the volume and demands placed on it by the department and applicants,” he said.

Monster subsidiary Monster Government Solutions, based in McLean, Va., runs and manages the QuickHire software. The operation’s customer list includes some 60 federal agencies, according to a Monster spokeswoman.

The Monster-hosted systems supporting HHS and the DHS went off-line by mutual agreement on March 9. Monster has been working unsuccessfully since then to get the software back up and running.

At the DHS’s Customs and Border Protection agency, QuickHire provided a fast way to fill vacant slots, but “glitches in the system” cropped up, said a spokesman. Since then, the application has been unable to handle heavy volume, and it began timing out while job applications were being processed, he said.

Rather than canceling the hosted service, “we basically went back to the drawing board and are trying to work out the glitches,” the spokesman said. Those whose job applications have been lost have been contacted via e-mail, to the best of the agency’s ability, and have been urged to reapply, he said.

As of April 4, the agency’s Web site stated that all job openings would be posted on an alternative government site and that some candidates would need to provide application information via e-mail while QuickHire is down.

Without offering specifics, the Monster Government Solutions spokeswoman said the QuickHire performance issues were the result of “unanticipated and exceptionally high volume of applicants and open positions.” She said all of the organizations have been working together to fix the problems, but “at this time, it is unclear how long the sites will be unavailable.”

She also said that the company uses multiple database servers for its customers to contain glitches on one machine, which ensures that the current problem “doesn’t impact our broader client base.”

One of Monster’s happy customers is the FBI, where QuickHire was deployed in early 2004.

A spokeswoman said the FBI is “having great success” using the system for both external and internal job candidates.

She said the system reduces the number of man-hours involved in processing applications. “Like any new program, we’re making changes and additions and updates as determined by ongoing usage,” she said. QuickLink 53653


Sybase Drops Legal Threat On Disclosure of Flaws

Terms reached on technical advisory

BY JAIKUMAR VIJAYAN

Sybase Inc. last week withdrew its legal threat against a U.K.-based bug-hunting firm after the companies reached an agreement about the contents of a software vulnerability disclosure that was at the center of the dispute.

Sybase and Next Generation Security Software Ltd. in Surrey, England, issued a joint announcement about a series of security holes that NGS found in Sybase’s Adaptive Server Enterprise database last year. The companies pointed users to a technical advisory posted by NGS and to information on Sybase’s Web site about fixes that were released in February.

Two weeks earlier, NGS dropped plans to publicly release details of the database flaws after Dublin, Calif.-based Sybase warned that it would take legal action if NGS went ahead with the disclosure. Sybase said the warning was motivated by concern for the security of Sybase ASE users [QuickLink 53410].

Sherief Hammad, a founding director of NGS, said last week that the research firm agreed to let its vulnerability advisory be edited by Sybase officials after hearing about their concerns.

“We managed to word the advisory in such a way that we felt we had enough details for it to be worthwhile to the public and Sybase felt it had limited ability to be exploited,” Hammad said. “At the end of the day, it was a fairly amicable agreement.”

Sybase’s edits were marginal and didn’t alter the meaning of the original content in any way, Hammad said. As part of the deal with Sybase, “there was no agreement that they will get this privileged process every time,” he noted.

Hammad added that NGS doesn’t plan to revise its vulnerability disclosure policies as a result of the incident. NGS officials said they initially disclose the existence of flaws only to the affected software vendors and then wait for patches to be released before going public with the details.

Kathleen Schaub, vice president of marketing at Sybase, said the whole affair stemmed from a misinterpretation of the software vendor’s motives on the part of NGS.

“From our standpoint, it was a miscommunication,” Schaub said. “As soon as we started the dialogue, they realized, and we agreed, that they could publish what they felt they needed to.”

Sybase is evaluating whether it needs to set a formal policy for dealing with vulnerability researchers, Schaub said. But she added that the software vendor “will work more proactively and more cooperatively” with researchers in the future. QuickLink 53669

Database Flaw Details

Information about the Sybase ASE security fixes can be found at the following links:

■ www.sybase.com/detail?id=1034520

■ www.sybase.com/detail?id=1034752

The technical advisory published by NGS is available at:

■ www.ngssoftware.com/advisories/sybase-ase.txt


Multivendor Outsourcing Wins Some Fans; Others Not Sold

Approach reduces costs but increases complexity

BY PATRICK THIBODEAU

LOS ANGELES

When IT executives talk about having a “multisourced” environment, they often mean that they’re using two or three large outsourcing vendors to run their technology operations. But at Sunoco Inc., multisourcing has meant turning to 17 companies to deliver IT infrastructure services over the past several years.

Tim Murtha, who last week retired from his job as manager of systems at Sunoco after a 40-year career in its IT department, said at an outsourcing conference held here by Gartner Inc. that the petroleum and chemical company believes in using best-of-breed service providers.

Murtha said large outsourcing vendors often subcontract out specialized work, such as managing virtual private networks or IT security functions. By working directly with smaller vendors, Murtha felt that Philadelphia-based Sunoco was in a better position to get lower prices overall. “At the end of the day, we knew we were going to drive a lower unit cost,” he said, although he said the real value was increased technology flexibility.

At the Gartner conference, some attendees wondered whether the cost of managing numerous vendors would offset any possible contract gains. They said that they’re trying to find the right formula for using different vendors without adding costs or undermining their existing outsourcing relationships.

George Jannino, director of technology contract management at Starwood Hotels & Resorts Worldwide Inc., said the hardest part of moving to a best-of-breed outsourcing approach is managing the process. “Are those guys going to play well together? That’s kind of a big argument against it for us,” he said.

Pull quote: “Are these guys going to play well together? That’s kind of a big argument against [best-of-breed outsourcing] for us.” GEORGE JANNINO, STARWOOD HOTELS & RESORTS

White Plains, N.Y.-based Starwood, which owns hotel chains such as Sheraton and Westin, is using two primary IT services vendors. The company previously had relied on IBM to manage its core IT infrastructure. But last fall, it signed a seven-year, $100 million technology and outsourcing contract with Hewlett-Packard Co. as part of a plan to replace its mainframes with Unix and Linux systems [QuickLink 50420].

IBM continues to provide some IT services at Starwood and will play a key role at many of its properties, handling tasks such as installation of kiosks, said Starwood CIO Bill Oates. He added that he isn’t ruling out adding a third major vendor to the outsourcing mix, particularly in application development, which is mostly done in-house now.

And despite his reservations about best-of-breed outsourcing, Jannino said the contract with HP is based on a “tower” approach that gives Starwood the ability to terminate individual IT services if HP isn’t meeting specified performance levels and shift them to other vendors. That includes functions such as Web hosting and server and desktop support, he said.

Downsides

But other users at the conference pointed out that terminating a vendor’s services could result in steep financial penalties, particularly if the outsourcer needs to recoup technology investments.

Having multiple offshore vendors is another issue.

For example, IndyMac Bancorp Inc. last year picked Cognizant Technology Solutions Corp. in Teaneck, N.J., to help with projects such as developing a new loan-origination system, said Mark Nelson, executive vice president of global services at the Pasadena, Calif.-based savings and loan company.

About 60% of Cognizant’s work is done offshore, Nelson said. For now, Cognizant is the bank’s only offshore vendor. But that could change if the number of Cognizant employees assigned to IndyMac increases from the current level of about 150 people to 250, Nelson added. At that point, IndyMac would be spending enough money that it would “have to think about a second vendor,” he said.

Although Nelson said he’s convinced that he’s getting high-quality work from Cognizant, the bank’s top executives will want to know “how we’re sure we are getting the best value,” he added. “So we’ll have to have very capable benchmarking or that second horse in the stable.” QuickLink 53676


Costco Aims to Avoid Offshore Dependency

LOS ANGELES

Retailer Costco Wholesale Corp. uses offshore development but is still hiring lots of programmers internally. Don Burdick, senior vice president of information systems at Costco, said last week that he has about 60 vacancies for developers with RPG, .Net and Java skills on his programming staff, out of a total of 250 positions.

The underlying philosophy at Issaquah, Wash.-based Costco, which had revenue of about $48 billion last year, is “that our own employees do it better,” Burdick said at the Gartner outsourcing conference. He added that Costco typically promotes from within when higher-level IT jobs open up, because it wants to retain the business knowledge that workers have accumulated.

“We’re actually able to give people good career paths inside our own IT organization, and we believe that encourages them to get in and really learn the business,” Burdick said. “That’s a huge competitive advantage.”

He said that Costco turned to offshore services after it had trouble hiring programmers in 2000, during the height of the dot-com boom. The retailer is using Aliso Viejo, Calif.-based U.S. Technology Resources LLC, which operates an offshore center in Kerala, India.

“It’s really important for us in our environment that [internal] people not feel threatened, that they don’t feel that their jobs are going away,” Burdick said. “Outsourcing has become a euphemism for downsizing, right-sizing, getting rid of people and solving problems.”

Costco executives weren’t looking at offshore outsourcing as a way to save money, according to Burdick. “In fact, we were looking at it the opposite way - we wanted to leverage our people” for high-value projects such as rewriting the company’s membership database, he said.

The offshore developers primarily do maintenance work, although they have been integrated into Costco’s workforce and are treated as part of its development teams. But Burdick said he thinks it’s essential to keep development expertise in-house “and not become dependent on the outsourcer.”

It’s also part of Costco’s culture to ensure that any outsourcer the company works with pays above the prevailing wage, offers health benefits and uses full-time employees, Burdick said. “We want to raise the standards.”

-Patrick Thibodeau
Siebel Issues Q1 Earnings Warning

Siebel Systems Inc. warned that revenue and earnings for its first fiscal quarter fell below expectations. Siebel expects revenue of $297 million to $300 million for the quarter that ended March 31. The consensus forecast of analysts was $337.5 million. Software license revenue will likely decline from $126.8 million last year to $75 million. In last year’s first quarter, Siebel’s revenue was $329.3 million. (See the editorial on page 20 for more on this.)


HP Plans to Unveil Linux NAS Device

Hewlett-Packard Co. is readying a new Linux-based enterprise-quality network-attached storage (NAS) device to be managed using its StorageWorks Grid architecture. It will be launched May 16 at the HP StorageWorks Conference in Las Vegas. HP also plans to announce a refresh of its Enterprise Virtual Array product line.


Stone Named CEO At StreamServe

Former Novell Inc. executive Chris Stone was named CEO and president of StreamServe Inc., a business communications management vendor. Stone replaces StreamServe co-founder Hans Otterling, who is now vice chairman of the board. Stone left Novell last November after helping it acquire SUSE Linux AG and taking it on an open-source track.


Progress Spends $25M for Apama

Progress Software Corp. has acquired privately held Apama Inc. for about $25 million in cash. Apama sells event stream processing technology, mostly to the financial services industry. Apama will become part of Progress’ ObjectStore unit, whose real-time data infrastructure technology will be integrated with Apama’s offerings.
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HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  GOSSIP  BY  MARK  HALL 


CIOs Target Service And Support . . .

. . . fees for their next budget cuts. That should send a shiver down the spine of many a CFO at software vendors that slap 15%, 18% or 20% annual taxes, if you will, on top of their license prices. According to survey results released last month by the San Diego-based Service & Support Professionals Association, more than half of the 220 IT managers it polled last fall said they want to chop those fees. “CIOs have already taken a big chunk out of the licensing part,” says Irfhan Rajani, CEO of Apparent Networks Inc. in Vancouver, British Columbia. “Now they’re turning their focus on the next chunk of cash — the annuity stream of maintenance fees.” Despite the high margins generated by that stream, Rajani says software vendors have long considered their service and support divisions “as the poor cousin,” investing minimally in their operations. As a result, software support is often viewed by users as ineffective or unresponsive, he says. But Rajani adds that in the current climate of perceived overpricing and underperformance on support, vendors “have to justify this annuity stream to their customers.” That could result in lower costs or improved services that make the fees worth it, he suggests. If better service is more important than budget cuts, IT managers should scrap their penchant for service-level agreements with vendors in favor of service-quality agreements, Rajani says. The difference between an SLA and an SQA is more than one letter, he argues.

An SLA will guarantee so much bandwidth or so many 9s of uptime for an application. But what you really want is an agreement that guarantees the response time of your applications, which is what an SQA demands. So, when you negotiate your next service and support deal, think service quality.

Oh, and bring an ax to the meetings — maybe labeled “Ax the tax.” Your vendors will get the idea.

64%: IT managers intending to renegotiate service contracts, says the SSPA.

Identity management isn’t just a security . . .

. . . headache; it’s also a productivity drain. The No. 1 problem that help desk staffers solve is resetting end-user passwords. That’s because people inside big companies have too many. Eight per user is the minimum that Imprivata Inc. found inside an unspecified number of large corporations it studied last year, says Omar Hussain, senior vice president of marketing and product management at the Lexington, Mass.-based vendor. And that’s too many for one poor soul to remember, he argues. The solution? Single sign-on technology, Hussain says — specifically, Imprivata’s OneSign appliance. Next month, Imprivata will release Version 2.8 of the OneSign software, adding support for biometric and smart-card devices from vendors including Vasco Data Security International Inc., Gemplus International SA and Supercom Canada Ltd. OneSign can handle as many as 25,000 Windows end users and creates detailed reports about who accessed what and when — a big plus in this era of compliance auditing. Pricing starts at $60 per user.

OneSign can support 25,000 users.

Wireless security appliance offers . . .

. . . an access point, a firewall and a virtual private network. The VPN-1 Edge W from Check Point Software Technologies Ltd. in Redwood City, Calif., ships this week with a starting price of $799. The new device supports 802.11 Super G, which doubles wireless data transmission rates to 108Mbit/sec. and triples the range of access points to 300 meters indoors and 1 kilometer outdoors. The appliance handles WEP, WPA and IPsec encryption and can function as your print server. It does not, however, include a kitchen sink among its features. Check Point will also ship by next week an extension to Express, its integrated VPN, firewall and intrusion-prevention system software, which is aimed at midsize companies. Check Point Express CI adds antivirus software to its gateway server. Pricing starts at $4,000.

Single sign-on for desktop Linux . . .

. . . users is here, too. Ken Hetzer, vice president of business development at TFS Technology Inc., says the Herndon, Va.-based company last month started shipping TFS Workstation Control for Linux software, which joins its Windows offering. Both products use a Linux or Unix server to centrally manage and store end-user credentials and passwords. By Q4, TFS will add biometric and smart-card support for Linux desktop systems, Hetzer says. He acknowledges that the Linux desktop market is small. But, he says, “we’re going to be on the forefront for organizations moving to Linux.” Hetzer adds that TFS is looking “very closely” at adding single sign-on support for end-user devices such as Macintoshes and Palm handhelds. Pricing for both the Linux and Windows versions starts at $50 per seat. © 53633

Printing costs are on the rise. U.S. enterprises spend 1 to 10% of their annual revenues just on printing. You can change that. Insight’s Print Assessment services can help you identify inefficiencies in your printing environment. Working with leading suppliers like HP, Insight can assess your printing needs, design and deploy an optimized print environment that provides cutting-edge output technologies at a significant savings. Put the power of print assessment to work for you.

CASE STUDY: Optimize and Save

Insight Print Assessment services helped one major medical facility increase utilization and decrease costs for its printer fleet. Using network-based tools, we identified all network and locally attached printers and collected page counts to calculate the costs of toner, ink and other consumables. Insight applied the data to develop a print optimization plan that will save the organization $500,000 in three years. Now, that’s a solution with a real return.

CA’s Top Exec Aims for More-Focused Operations

Swainson creates five separate software development units, seeks data on ROI


BY MATT HAMBLEN

Computer Associates International Inc. last week formally announced a reorganization of its product operations into five business units with their own development, marketing and profit-and-loss responsibilities. The changes were set in motion earlier this year by John Swainson, CA’s new president and CEO [QuickLink 52225].

Swainson, who joined CA in November, spoke with Computerworld last week about the formation of the business units and other issues. Excerpts from the interview follow:

You’re outlining five new business units and other changes at CA. Why now?

It’s a follow-up to what was said last December about how to get CA focused and aligned, and with all [parts of the company] pulling on the same rope. We’ve obviously been in our final quarter of the fiscal year, and that didn’t seem like a great time for organizational changes. But now we’re through that.

What’s your goal in creating individual business units?

This is what you need if you manage a company the size of CA. You can’t manage it from the corner office. You have to create managers focused on well-defined markets and goals, and you have to give them the power to go after those goals.

You have to manage the company overall in a way that looks at ROI and invested capital, and that’s not historically how CA was run. We didn’t have a view of how much was spent in a business and what return you would get from it.

Are these changes tied to the SAP-based ERP system that CA is developing?

It will be absolutely tied to the ERP system, which is why we had to do it now.

The idea of business units was kicking around CA for a couple of years. In 2001, we took the first step with two business units, one for security and one for everything else. Then the company got distracted, as you might imagine, and nothing happened for a while.

What are the corporate customers you’ve met with over the past few months telling you about CA?

I’ve talked to hundreds of them, and they’re all pretty positive about what they think the relationship with CA can be. A lot are waiting for us to deliver on our promises, frankly. We have more to do in that regard.

I’m sure people ask you about CA’s internal accounting difficulties and the settlement deal that the company signed with the government last year.

Yes, many customers have asked what we’re doing to change and how we can ensure [that] something similar won’t happen again. So I tell them we’ve changed five of the top financial executives, we’ve replaced all 10 lawyers, we have a new CFO, CEO and chief marketing officer. Then I say that we’re investing in new ERP software and have a new compliance officer.

Your letter to customers about the new business units also mentions the need to beef up CA’s indirect sales channel, since it accounts for only about 10% of your sales, with the industry average at 50%. What is a good level for CA?

Well, 10% can’t be right. But I don’t know if we’d ever make it to 50%. Channel partnerships will help us broaden our reach.

We’ll continue to focus on direct [sales to large] accounts. But indirect sales will serve the midtier segment, with whom we have no relationships now. © 53671

READ MORE

An extended version of our interview with John Swainson is available online:
QuickLink 53589
www.computerworld.com

SWAINSON says CA has more to do to meet users’ needs.

Internal Changes, Acquisition Seen as Steps Forward

IN ADDITION to its internal makeover, Computer Associates last week announced another acquisition, saying that it has agreed to buy network service management software vendor Concord Communications Inc. for about $330 million in cash.

Analysts said these developments are signs that CA is starting to move forward after reaching settlements last fall with the U.S. Department of Justice and the Securities and Exchange Commission over an alleged accounting fraud scheme at the company in 1999 and 2000 [QuickLink 49647].

“To a certain extent, the sleeping giant of CA is awakening,” said Stephen Elliott, an analyst at Framingham, Mass.-based IDC. Elliott said the new business-unit structure should make CA’s operations more efficient and focused. He added that the Concord acquisition will give CA new customer accounts among telecommunications vendors and service providers.

CA has had “a lot of big question marks over its head for a while,” noted Dennis Drogseth, an analyst at Enterprise Management Associates in Boulder, Colo. “All of a sudden, they have a new structure and a major acquisition with Concord. It could position them well.”

The five business units being created by John Swainson, CA’s president and CEO, include separate operations for enterprise systems, security and storage management, as well as a Business Service Optimization group that will develop tools to support functions such as business process modeling and IT governance.

The fifth unit, called the CA Products Group, will be responsible for existing offerings that fall outside of the company’s core technology areas. Those products include application development and mainframe database management tools, a CA spokesman said.

CA said the general managers of the business units will be accountable for the financial performance of their own operations and will be in charge of staffing, strategic planning and customer satisfaction, in addition to product development and marketing.

The Concord acquisition is expected to be completed within three to four months. CA said the Marlboro, Mass.-based company’s operations will be integrated into the enterprise systems management business unit.

-Matt Hamblen


IT Glitch Halts Payments To GM Workers, Retirees

BY TODD R. WEISS

Data-transfer problems during a switch of health insurance benefits administrators at the start of this year continue to cause problems for thousands of General Motors Corp. employees and retirees.

Sharon Baldwin, a spokeswoman for GM, confirmed last week that an unknown number of GM workers, retirees and their dependents are still having problems getting health care and prescription bills paid more than three months after Boston-based Fidelity Investments took over as administrator of the plan.

“No one has lost benefits, and they still have continuity of care” while the glitches are being resolved, Baldwin said.

Previously, GM workers and retirees were served by three different health care administrators, she said. On Jan. 1, GM replaced the three with a single administrator, Fidelity.

The accounts of 1.1 million workers, retirees and dependents were to be transferred from the previous administrators to Fidelity. However, about 2%, or 22,000 accounts, didn’t transfer properly before the new system went live, Baldwin said.

Many of the problem accounts were found through testing before the system went live, but thousands of other problem accounts initially went undetected. GM and Fidelity heard about the problems when workers and retirees called to complain about difficulties they were having with their insurance benefits, she said.

Baldwin wouldn’t estimate the number of workers and retirees who are still having trouble with their accounts.

“We have emergency processes in place so that everybody has coverage, and we’ll do whatever they need” to be sure that claims are paid, Baldwin said. GM moved to just one benefits administrator so that workers and retirees could manage their benefits through a single point of contact, she said. GM has about 170,000 workers in the U.S.

A Fidelity spokesman declined to comment on the matter, and a spokesman for the United Auto Workers union didn’t return calls seeking comment. © 53670

Microsoft Delays HPC Availability

Microsoft Corp. pushed back the release of a version of Windows Server for high-performance computing (HPC) until the first half of next year. Windows Server 2003 Compute Cluster Edition was to ship by year’s end, but Microsoft said it needs more time to make the product easier to manage and deploy. The first beta version will ship in the second half of 2005.


IBM Signs Reseller Deal With NetApp

IBM has signed an agreement to resell Network Appliance Inc. storage products under the IBM logo. Under the pact, IBM will rebrand NetApp’s network-attached storage and iSCSI/IP SAN products and software. The rebranded products will ship in the third quarter. The pact also calls for increased integration of NetApp’s products with IBM’s Tivoli Storage Manager software.


VeriSign Beefs Up Server Supply

VeriSign Inc., which operates the .com and .net domain names, plans to add more regional resolution servers to its existing constellation to keep up with growing Internet traffic. The company operates 18 Internet servers worldwide that handle more than 14.5 billion queries a day. VeriSign estimates that global Internet traffic doubles every 12 to 18 months.


NEC, Sun Expand Integration Alliance

NEC Corp. and Sun Microsystems Inc. are expanding an alliance to more closely link systems integration, networking and middleware technologies. NEC will combine its Univerge voice-over-IP gear with Sun’s SunRay blade servers, and the companies will promote the result as a SunRay reference architecture. Also, NEC will integrate its Valumo platform with Sun’s Java Enterprise System.


SAS, Hyperion Revamp BI Tools

Both firms looking to provide broader user access to data

BY HEATHER HAVENSTEIN

SAS Institute Inc. and Hyperion Solutions Corp. this week will unveil revamped business intelligence offerings they said will meet enterprise demands for broader access to the tools among business users.

At its international user conference in Philadelphia, SAS plans to roll out an enhanced SAS Enterprise BI Server — a major component of its SAS 9 Intelligence Platform — with a simplified user interface for business users to conduct queries and analysis. In addition, SAS will announce plans to bundle its OLAP Server with the enterprise server so users can create cubes and view multidimensional data within reports.

SAS officials said the updated offerings target the low-end tools of rivals Cognos Inc. and Business Objects SA.

“SAS has always been in the BI space, but it’s always been . . . where the power users have been,” said Jim Goodnight, CEO of Cary, N.C.-based SAS. “We figured out a way to easily hook all our analytics capabilities into the BI platform.”

Atlanta-based Delta Technology Inc., the IT division of Delta Air Lines Inc., rolled the SAS 9 tools into production two weeks ago, said Brent Browning, vice president of network systems at Delta Technology. His group is eyeing the new BI server for users in its pricing and revenue departments.

“We’re hoping to move SAS beyond the high-end analytics . . . and really make it an ad hoc reporting tool and standard reporting tool in our environment,” he said.

Cindi Howson, a faculty member at The Data Warehousing Institute in Seattle and author of the independent “BI Scorecard” report, which evaluates BI tools, said the enhancements are overdue because SAS has long been “taking a beating for being too complex” for business users.

With the new version of the server, sophisticated users can access advanced analytics through a metadata layer, and business users can use a report-building wizard for easier access to data, she said.

New Suite

For its part, Santa Clara, Calif.-based Hyperion will detail an enhanced business performance management suite at its user conference this week in New Orleans.

Hyperion Applications Suite 4 features a single user interface that executives said will allow users enterprisewide to tap into its enterprise planning, reporting and analysis products. It also provides a single Excel spreadsheet front end for users to read, write and interact with the new products.

AutoTrader.com LLC, a beta user of the new suite, plans to use the planning module within it to give more users access to financial planning data, said Dan Crowe, CIO at the Atlanta-based company.

“We don’t want planning to be in an ivory tower . . . that has no context in reality,” Crowe said. “We’re going to farm it out to all the directors who run the departments. We’re trying to make the people who are accountable for the results be accountable for the plan.” © 53674

NEW PRODUCTS

Hyperion Applications Suite 4
■ Single user interface for enterprise planning, reporting and analysis
■ Excel spreadsheet front end to let users read, write and interact with multiple Hyperion products

SAS Enterprise BI Server
■ Simplified user interface for query and analysis
■ Integration with OLAP Server and clients
■ Integration of geographic visualization

New Chips, Standards Expected at SNW Event

BY LUCAS MEARIAN

New intelligent network management chips, 4Gbit/sec. Fibre Channel technology and a multitude of iSCSI switches, controllers and network cards are anticipated at this week’s Storage Networking World (SNW) show in Phoenix. Attendees can also expect an update on the status of several storage standards during the event.

Arun Taneja, founder of research firm The Taneja Group in Hopkinton, Mass., said that several “intelligent chips” in new products will be demonstrated for users at SNW.

“These are intelligent processors chip makers have been building for the past three or four years,” he said. The chips will play a key role in a flurry of announcements from network vendors, including EqualLogic Inc., LeftHand Networks Inc. and Entrada Networks Inc., Taneja said.

Taneja also expects some system-level disk products to come out of the show, including a new Clariion array with an iSCSI interface from EMC Corp. The company is also expected to showcase its Storage Router virtualization technology, which was unveiled at the SNW show last fall and is slated to ship in the first half of this year.

Making the Switch

Meanwhile, Brocade Communications Systems Inc. will be unveiling 4Gbit/sec. Fibre Channel switches as upgrades to its SilkWorm line. The SilkWorm 4100 switch will sport an application-specific integrated circuit chip and is expected to provide enhanced network-based management features and higher throughput.

Storage Technology Corp. will disclose plans to resell Brocade’s new 4Gbit/sec. switches along with its latest array, the StorageTek FLX380 storage system. The FLX380, also set to be unveiled at the show, builds on the FlexLine family of modular arrays but is expected to offer lower acquisition and expansion costs.

LSI Logic Corp. will introduce its eight-port MegaRAID serial-attached SCSI (SAS) adapter, which is designed to allow users to mix and match higher-performance disks with lower-cost Serial ATA (SATA) disks. LSI will also unveil its first SAS RAID 6 controller and an iSCSI array that’s designed to let administrators build an IP-based SAN using SATA-based arrays.

In addition to the vendors’ announcements, the Storage Networking Industry Association (SNIA) will use the SNW stage to announce that the Storage Management Interface Specification (SMI-S), a common management interface for storage management software and devices, has been submitted to the InterNational Committee for Information Technology Standards.

SNIA will also introduce SMI-S 1.1, which is intended to offer common management features between network-attached storage arrays, iSCSI arrays, tape libraries and a multipathing management application programming interface. © 53668

U.S., Europe Differ Over Biometric Passport Date

LONDON

The European Union and the U.S. government are squabbling over the U.S.-imposed deadline of Oct. 26 for European travelers to carry biometric passports in order to enter the U.S. without a visa.

Last month, the EU requested an extension to Aug. 28, 2006, which is when EU member countries expect to have passports that work with facial recognition systems. But in a March 31 letter, U.S. House Judiciary Committee Chairman F. James Sensenbrenner (R-Wis.) replied that an extension isn’t likely and urged the EU to speed up its development efforts.

The U.S. already extended its original 2004 deadline by one year. Negotiations between U.S. and European officials over another deadline extension are continuing, but the dispute raises the possibility of retaliation. The EU will decide in the next couple of weeks whether it will require U.S. citizens to obtain visas to travel to EU countries if their passports lack facial scans, a European Commission spokesman said.
■ LAURA ROHDE, IDG NEWS SERVICE


RFID Will Open Gates For World Cup Soccer

DÜSSELDORF, GERMANY

The 2.9 million fans who are expected to attend the World Cup soccer tournament in Germany next year will be given tickets sporting an embedded radio frequency identification tag. Organizers say it will be the largest-ever use of RFID at a public event.

RFID technology offers a high degree of security, which is required by the German Interior Ministry, and should also help speed up entry at stadium gates, according to Gerd Gaus, a tournament spokesman. “The tags will contain no personal data — just a number that identifies each cardholder,” he said.

But privacy activists criticized the plan because fans applying for a ticket must submit various types of personal data, such as their addresses, phone numbers, birth dates and passport numbers, on the registration form.
■ JOHN BLAU, IDG NEWS SERVICE


Five Vendors Support EU Case vs. Microsoft

PARIS

Five prominent technology vendors last week banded together to support the European Commission’s March 2004 ruling that Microsoft Corp. used its PC operating system monopoly to try to dominate the markets for workgroup server and media player software.

IBM, Nokia Corp., Oracle Corp., RealNetworks Inc. and Red Hat Inc. applied as a group to intervene against Microsoft during the company’s appeal of the commission’s antitrust ruling, according to their representative, Thomas Vinje, a partner at law firm Clifford Chance LLP in Brussels.

“Microsoft has been saying that the commission stands alone and that it didn’t have industry support,” Vinje said. “This demonstrates that that is untrue.”

Sun Microsystems Inc., Novell Inc. and the Washington-based Computer & Communications Industry Association Inc. all withdrew from the European case last year as part of wider legal settlements with Microsoft. © 53624
■ PETER SAYER, IDG NEWS SERVICE


Compiled  by  Mitch  Betts, 


Briefly Noted

Former employees of a call center in Pune, India, were arrested last week on charges of defrauding four New York customers of Citibank NA to the tune of $300,000, according to a Pune police official. The three ex-employees of Mphasis BFL Ltd. allegedly obtained the customers’ ID numbers and transferred funds into their own accounts, police said.
■ JOHN RIBEIRO, IDG NEWS SERVICE

The Open Source Initiative, which approves open-source software licenses, on April 1 expanded its board of directors to include members from outside the U.S. The organization added representatives from the Netherlands, Brazil, Sri Lanka and Taiwan.
■ ROBERT MCMILLAN, IDG NEWS SERVICE

Hitachi Global Storage Technologies Inc. said it’s field-testing disk drives based on perpendicular recording, a technology that could lead to 1TB desktop drives and 20GB versions of its Microdrive in 2007, officials said last week in Tokyo.
■ MARTYN WILLIAMS, IDG NEWS SERVICE


GLOBAL FACT

Percentage of U.K. businesses that experienced some form of cybercrime last year

SOURCE: U.K. NATIONAL HI-TECH CRIME UNIT


Fujitsu Launches Itanium Servers for Linux, Windows

Mainframe-class systems support 32 processors

BY ROBERT MCMILLAN

Fujitsu Ltd. last week introduced two Itanium-based servers designed to offer mainframe-class features to Windows and Linux users.

The PrimeQuest 440 and 480 systems, which have been in development for more than two years, represent Tokyo-based Fujitsu’s first attempt at building high-end systems around Intel Corp.’s 64-bit Itanium 2 microprocessor.

Chiaki Ito, corporate executive vice president, said at a press conference in San Francisco that PrimeQuest is Fujitsu’s next generation of mainframes. “However, this mainframe is different from the current legacy mainframes,” he noted.

When the new servers become available in June, they will initially support only Red Hat Inc.’s version of Linux. Support for Novell Inc.’s SUSE Linux operating system and Microsoft Corp.’s Windows Server 2003 Datacenter Edition software is expected by September, Fujitsu said.

Electronic Data Systems Corp. is considering using the Fujitsu machines to consolidate Windows applications on one box without the complexity or expense of a clustered server architecture, said Stan Alexander, vice president of technology strategy and architecture at EDS. “We’re starting to see a lot more movement toward growing large workloads on Windows,” he said. The IT services vendor plans to test its first PrimeQuest systems within the next several months, Alexander added.

The PrimeQuest 480 is a 32-processor system that will ship with as much as 512GB of memory; the PrimeQuest 440 will support up to 16 processors and 256GB. The systems will eventually support as much as 1TB of memory, but Fujitsu executives declined to say when that will happen.

The systems will be able to handle the dual-core Itanium processor that Intel plans to launch later in the year, which will increase the number of processing engines supported on the PrimeQuest 480 to 64, Fujitsu said.

The company predicted that it will sell more than 10,000 PrimeQuest units in the next three years, which would represent an estimated $2 billion in revenue.

PrimeQuest isn’t Fujitsu’s first foray into the Itanium market, but its earlier offering was limited to the Primergy server line, which supports only four CPUs.

Though Itanium has failed to live up to initial expectations for adoption by corporate users, Unisys Corp., NEC Corp. and Hitachi Ltd. have all preceded Fujitsu in announcing mainframe-class systems based on the processor.

Sales of Itanium servers totaled $1.4 billion last year, according to research firm IDC. Building servers that can add mainframe-class reliability to Windows and Linux applications is a logical next step for server vendors, said IDC analyst Jean Bozman. © 53678

McMillan writes for the IDG News Service.


Corrections 

Due  to  incorrect  information  that 
was  provided  to  Computerworld, 
the  name  of  Ramin  Sayar,  direc¬ 
tor  of  product  marketing  at  Mer¬ 
cury  Interactive  Corp.,  was  mis¬ 
spelled  in  a  story  that  ran  in  last 
week's  News  section  ("Tools 
Bridge  IT,  Operations”). 

Last  week’s  Technology  section 
story  about  IP-based  storage 
(“Invasion  of  the  iSCSI  Arrays”) 
inaccurately  described  the  num¬ 
ber  of  workers  at  Schenck  Busi¬ 
ness  Solutions.  The  Milwaukee- 
based  accounting  firm  has  a  total 
of  about  500  employees. 


HIPAA


formation  Management  Asso¬ 
ciation,  which  has  about 
50,000  members,  today  plans 
to  release  the  results  of  a  sur¬ 
vey  it  conducted  in  January 
among  privacy,  security  and 
compliance  officers.  Just  18% 
of  the  1,140  respondents  said 
their  companies  were  fully 
compliant  with  the  HIPAA 
security  rules,  according  to 
Harry  Rhodes,  the  Chicago- 
based  association’s  director 
of  practice  leadership.  But 
another  44%  said  they  were 
close  to  achieving  compliance 
(see  chart). 

“While  it  appears  that  orga¬ 
nizations  are  continuing  to¬ 
ward  compliance,  there  are 
many  that  are  still  struggling,” 
said  Devin  Jopp,  chief  admin¬ 
istrative  officer  at  URAC, 
a  nonprofit  accreditation 
agency  for  the  health  care  in¬ 
dustry.  Companies  are  dealing 
with  many  of  the  same  issues 
they  cited  as  hurdles  when 
Washington-based  URAC  con¬ 
ducted  a  similar  survey  last 
April,  Jopp  said. 

The  compliance-related 
problems  cited  in  the  studies 
include  technology  and  proc¬ 
ess  integration  issues,  time 
and  budget  constraints,  and  a 
lack  of  understanding  of  how 


Data  Mandates 


The  HIPAA  security  rules  re¬ 
quire  health  care  companies 
to  address  the  following  areas: 

■ Security standards for protection of personal health data stored electronically.

■ Administrative safeguards for managing information security measures.

■ Physical safeguards for protecting health data.

■ Technical safeguards relating to the technology used to protect information.

■ Organizational requirements, including standards for contracts with business partners.

■ Policies, procedures and documentation requirements.


to  implement  the  rules. 

The  security  rules,  which  are 
being  administered  by  the  fed¬ 
eral  Centers  for  Medicare  & 
Medicaid  Services,  require  all 
companies  handling  electronic 
health  data  to  implement  fully 
auditable  steps  for  controlling 
access  to  confidential  informa¬ 
tion  and  protecting  it  against 
compromise  and  misuse. 

But  the  rules  document 
does  not  specify  the  technolo¬ 
gies  that  companies  need  to 
adopt.  That  “makes  it  kind  of 
vague”  for  implementation 
purposes,  said  Mark  Maher, 
security  administrator  at  the 
Ochsner  Clinic  Foundation, 
which  operates  a  hospital  in 
New  Orleans  and  25  medical 
clinics  throughout  Louisiana. 

“It  tells  you  what  you  have 
to  do,  but  how  you  do  it  is  left 
open  to  you,”  Maher  said.  That 
has  left  a  “lot  of  people  con¬ 
fused  about  what  exactly  is  re¬ 
quired,”  he  added. 

Ochsner  used  a  tool  from 


Security Standing

What is your organization’s level of compliance with HIPAA’s data security rules?

12%: Less than 50% compliant

Base: 1,140 privacy, security and compliance officers surveyed in January

consulting  firm  Meta  Group 
Inc.  to  help  it  translate  the 
HIPAA  requirements  into  en¬ 
terprisewide  policies,  stan¬ 
dards  and  guidelines  for  com¬ 
plying  with  the  security  rules, 
Maher  said. 

As  part  of  the  process,  the 


foundation  has  implemented 
measures  for  encrypting  all 
outgoing  e-mail  that  contains 
protected  data,  eliminating  the 
use  of  the  file  transfer  proto¬ 
col  and  requiring  business 
partners  to  connect  only  via 
virtual  private  networks. 

Even  so,  the  integration  of 
system  logs  from  multiple 
sources  —  which  is  needed  to 
ensure  that  an  audit  trail  ex¬ 
ists  for  all  access  to  protected 
data  —  has  been  a  huge  chal¬ 
lenge,  Maher  said.  Ochsner  is 
currently  evaluating  products 
for  integrating  its  logs. 

“One  of  the  key  issues  with 
HIPAA  is  the  audit-trail  con¬ 
cept  of  having  procedures  in 
place  [and]  having  account¬ 
ability,”  said  Christopher 
Borod,  supervisor  of  network 
and  technical  services  at  Good 
Samaritan  Health  System  in 
Lebanon,  Pa.  Good  Samaritan 
has  deployed  a  security  dash¬ 
board  from  NetIQ  Corp.  that 
automates  the  collection  of  log 


information  from  multiple  sys¬ 
tems,  Borod  said. 

But  Jopp  noted  that  he 
knows  of  “large  contingents  of 
companies  that  are  struggling 
with  integrating  their  system 
logs  for  review.” 

The  HIPAA  rules  set  non- 
compliance  penalties  of  up  to 
$25,000  per  violation.  But  the 
enforcement  process  will  be 
initiated  only  if  a  complaint 
is  filed  against  a  health  care 
organization. 

The  lack  of  a  strong  en¬ 
forcement  component  has  re¬ 
sulted  in  a  somewhat  “lack¬ 
adaisical  attitude”  among 
some  companies,  HIMSS’s 
Sensmeier  said.  There’s  no  ur¬ 
gency,  she  added,  “because  no 
one  is  going  to  be  waiting  to 
come  into  your  organization 
on  April  21  to  see  if  you  are 
compliant.”  ©  53677 

MORE  THIS  ISSUE 

HIPAA  compliance  requires  more  than  just 
writing  a  policy.  Page  36 
Freddie Mac

new  software  is  helping  the 
McLean,  Va.-based  company 
to  automate  its  year-end 
financial  reporting  process 
and  tighten  its  controls. 

It  took  Freddie  Mac  six 
months  to  issue  its  fiscal  2003 
earnings  report,  DeLeo  said. 
Thanks  in  part  to  its  develop¬ 
ment  of  Java-based  reporting 
and  reconciliation  systems, 
the  company  issued  its  2004 
report  in  half  that  time,  he 
said.  Freddie  Mac  expects  to 
pare  its  year-end  close  to  15 
days  this  year  and  to  just  sev¬ 
en  days  in  2006,  said  Wilson 
Davis,  who  became  vice  presi¬ 
dent  of  finance  technology 
services  18  months  ago  to  help 
improve  the  company’s  report¬ 
ing  procedures. 

Closing  in  seven  days  would 
place  Freddie  Mac  on  par  with 
blue-chip  financial  services 
companies  such  as  Goldman, 
Sachs  &  Co.  and  Citigroup 
Inc.,  said  Paul  Healy,  chairman 
of  the  accounting  and  control 
unit  at  Harvard  Business 
School. 

Enabling  Freddie  Mac  offi¬ 


cials  to  close  the  books  faster 
“would  presumably  allow 
them  to  know  if  there  are 
problems  more  quickly  so 
they  could  respond  more 
quickly,”  said  Healy. 

The  bulk  of  the  internally 
developed  systems  work  with 
the  PeopleSoft  general  ledger 
accounting  software  that  Fred¬ 
die  Mac  has  used  for  six  years. 

Engines  of  Change 

The  new  systems  have  so  far 
come  in  stages.  In  2003,  Fred¬ 
die  Mac  built  a  portfolio  sub¬ 
ledger  system  to  pull  all  of  its 
investment  activities  into  a  sin¬ 
gle  system  using  data  report¬ 
ing,  data  mapping  and  ETL 
(extract,  transform  and  load) 
tools  from  vendors  such  as  Mi- 
croStrategy  Inc.  and  Ascential 
Software  Corp.,  said  DeLeo. 

Last  year,  Freddie  Mac  built 
valuation  and  amortization  en¬ 
gines  using  Java  to  automate 
the  securitization  and  resecu¬ 
ritization  of  mortgages,  Davis 
said.  Those  tools,  which  Fred¬ 
die  Mac  began  using  in  Au¬ 
gust,  enable  the  company  to 
close  out  its  securities  portfo¬ 
lio  on  an  intramonth  basis 
rather  than  having  to  wait  until 
the  end  of  each  month  to  con¬ 


duct  the  valuations,  he  added. 

The $45 million budgeted for this year will be spent partially on
packaged applications to automate the company’s debt and
derivatives operation, according to DeLeo. Freddie Mac will seek
proposals this summer.

A  chief  factor  behind  Fred¬ 
die  Mac’s  improvements  has 


been  a  close  collaboration  be¬ 
tween  its  business  and  IT  or¬ 
ganizations,  said  DeLeo.  “A  lot 
of  people  talk  about  IT  and 
business  alignment.  This  is  be¬ 
yond  that,”  said  DeLeo.  For  in¬ 
stance,  he  noted  that  on  many 
nights,  IT  and  business  man¬ 
agers  work  side  by  side  evalu¬ 
ating  the  company’s  financial 
systems  efforts.  ©  53667 



Technology  Boosts  MCI  Processes 


MCI INC., another company that was caught up in a major
accounting scandal, has turned to technology to firm up its
financial processes.

Last  year,  the  telecommuni¬ 
cations  company,  formerly 
WorldCom  Inc.,  developed  a 
homegrown  software  module 
that  has  helped  it  improve  the 
accuracy  and  consistency  of 
commercial  tax  reporting,  said 
Rose  Hauser,  vice  president  of 
revenue  and  enterprise  sys¬ 
tems  at  MCI. 

As part of its Sarbanes-Oxley Act preparations last
year,  MCI  also  spent  a  lot  of 
time  adding  security  and  user- 


access  controls  to  its  SAP  AG 
general  ledger  accounting  sys¬ 
tem  and  other  core  financial 
systems,  she  said.  Also  in 
2004,  MCI  shaved  two  days  off 
the  time  it  takes  to  close  its 
books  each  month  by  automat¬ 
ing  a  series  of  financial  proc¬ 
esses,  said  Hauser. 

At  the  moment,  MCI  takes 
about  10  business  days  to  close 
out  its  monthly  sales  cycles 
from  an  information  systems 
perspective,  said  Hauser.  The 
company’s  goal  is  to  obtain  a 
“virtual  close”  within  four  to  six 
business  days  over  the  next  18 
months,  she  added. 

-  Thomas  Hoffman 
MICHAEL GARTENBERG


A  Plot  Twist 


Talk  about  lousy  timing.  Right 
when  Siebel  Systems’  PR  machine  was 
entrenched  in  a  campaign  to  get  the 
press  to  write  about  the  company’s 
improving  performance  under  CEO 
Michael  Lawrie,  it  had  a  cave-in  when  Lawrie  was 
forced  to  explain  first-quarter  earnings  results  that 
were  almost  as  lousy  as  the  timing. 

It  began  as  a  classic  PR 


maneuver:  Convince  the 
press  to  regurgitate  the 
“Chapter  2”  strategy 
Siebel  introduced  last  Oc¬ 
tober  [QuickLink  49926] 
by  using  Lawrie’s  ap¬ 
proaching  one-year  an¬ 
niversary  at  the  helm  as 
the  news  hook.  Then  the 
quarterly-results  bomb 
was  dropped.  At  least  the 
company’s  marketing 
guys  could  take  heart  that 
they  hadn’t  used  Roman  numerals 
for  the  campaign.  “Chapter  II”  looks 
way  too  much  like  “Chapter  11.”  The 
jokes  would  have  been  relentless. 

Last  week,  instead  of  waxing  poetic 
on  his  authorship  of  the  new  chapter, 
Lawrie,  a  26-year  IBM  veteran  who 
took  the  CEO  reins  from  company 
founder  Tom  Siebel  last  May  [Quick- 
Link  46697],  had  to  account  for  his 
surprise  that  Siebel’s  first-quarter 
revenue  was  so  low.  The  CRM  ven¬ 
dor  now  expects  the  figure  to  be  in 
the  range  of  $297  million  to  $300  mil¬ 
lion,  down  from  analysts’  projections 
of  $337.5  million  and  the  $329.3  mil¬ 
lion  it  generated  in  the  first  quarter  of 
last  year.  Siebel  is  looking  at  software 
license  revenue  of  about  $75  million 
for  the  quarter,  compared  with  $126.8 
million  in  last  year’s  first  quarter. 

According  to  a  Siebel  statement, 
Lawrie  blamed  the  shortfall  on  “a 
combination  of  poor  execution  on 
our  part,  exacerbated  by  a  challeng¬ 
ing  economic  and  IT  environment.” 

It  turns  out  the  company  was  count¬ 
ing  on  some  contracts  that  didn’t  get 
wrapped  up  by  April  Fool’s  Day. 
What’s puzzling about
all  this  isn’t  the  poor  exe¬ 
cution.  Hey,  who  among 
us  is  immune  to  that  par¬ 
ticular  affliction?  The  real 
head-scratcher  is  how  the 
whole  thing  could  have 
caught  Siebel’s  top  brass 
so  off-guard. 

It’s  hard  to  imagine 
that  this  new  PR  initia¬ 
tive,  which  positions 
Lawrie  as  a  savior  who’s 
leading  the  company 
back  to  prosperity,  would  have  been 
allowed  to  proceed  if  Siebel’s  top  ex¬ 
ecutives  had  the  slightest  idea  that 
the  business  was  faring  as  poorly  as 
it  was.  You  just  don’t  put  your  CEO 
under  the  spotlight  unless  you’re 
as  certain  as  you  can  be  that  noth¬ 
ing’s  going  to  happen  that  will  em¬ 
barrass  him  and  force  him  to  tap- 


dance  around  hard  questions. 

There’s  no  way  for  us  to  know  if 
Lawrie  really  did  try  to  explain  the 
company’s  surprising  shortfall  by  re¬ 
ferring  to  problems  that  were  exac¬ 
erbated  by  a  challenging  economic 
environment.  The  comments  attrib¬ 
uted  to  Lawrie  were  very  likely  com¬ 
posed  by  the  PR  team  (that’s  just 
how  these  things  work),  and  Lawrie 
may  or  may  not  have  actually  signed 
off  on  them  (sometimes  a  top  lieu¬ 
tenant  does  that).  If  he  didn’t,  then 
he  probably  learned  a  lesson:  that  he 
needs  to  pay  a  lot  more  attention  to 
the  words  being  put  in  his  mouth.  If 
he  did  . . .  well,  that’s  bad. 

We’re  talking  about  explaining 
something  that  was  unexpected.  To 
cite  existing  economic  conditions 
as  a  reason  for  a  surprising  turn  of 
events  is  nonsensical.  It’s  the  kind  of 
goofy  statement  that  slips  through 
when  you’re  fumbling  for  answers. 

In  any  case,  it’s  consistent  with 
the  premise  that  the  company  was 
out  of  touch  with  its  own  perfor¬ 
mance  —  something  that  won’t  be 
lost  on  Siebel’s  users.  Let’s  hope  it 
does  better  in  Chapter  3.  ©  53636 


Microsoft’s 
Problem:  XP’s 
Good  Enough 

IT’S  BEEN  QUIET  on  the 
client  operating  system 
front.  IT  managers  haven’t 
had  to  face  a  major  migration 
in  quite  some  time. 

By  my  calendar,  it’s  been  nearly  four 
years  since  I  installed  the  first  beta  of 
Windows  XP  that  I  deemed  good 
enough  for  production  use,  and  other 
than  that  first  beta,  Windows  XP  has 
worked  rather  well  for  me.  I  would 
even  say  that  it’s  the  best  operating  sys¬ 
tem  Microsoft  has  ever  shipped.  With 
Longhorn  still  lurking  somewhere  out 
in  the  mists  of  the  distant  future,  it’s 
time  to  take  a  look  at  the  Windows 
client  platform  and  how  well  it’s  still 
meeting  business 
needs  relative  to 
competing  products. 

This  is  the  longest 
period  of  time  that 
Microsoft  has  gone 
without  shipping  a 
new  version  of  its 
operating  system.  In 
this  period,  we’ve 
seen  numerous  ver¬ 
sions  of  Linux 
emerge,  each  one 
more  capable  than 
the  last,  and  Apple  is 
on  its  third  major  re¬ 
vision  of  Mac  OS  X. 

While  there  are 
choices  in  the  mar¬ 
ketplace  that  should 
be  given  serious  con¬ 
sideration,  I  still  con¬ 
clude  that  Windows 
is  likely  to  remain  the  best  one  for  bus¬ 
iness  users. 

At  first  glance,  Windows  XP  appears 
to  have  stagnated.  Nothing  could  be 
further  from  the  truth.  XP  has  gone 
through  two  major  service  packs,  both 
of  which  have  increased  security,  relia¬ 
bility  and  robustness.  A  lot  of  effort 
has  gone  into  XP  as  well,  and  we’ve 
seen  MediaCenter  and  Tablet  PC  ver¬ 
sions  emerge,  both  of  which  were  sig¬ 
nificant  for  their  markets,  even  if  nei¬ 
ther  had  much  of  an  impact  on  busi¬ 
ness  users.  MediaCenter  is  a  consumer 
operating  system  with  features  focused 
on  media  and  entertainment.  The 
Tablet PC has been relatively irrelevant for business computing
for a variety of reasons, mostly related to a lack
of compelling hardware or a killer app.

But  the  bottom  line  is  that  XP  has 
evolved  from  the  standpoint  of  fea¬ 
tures,  security,  stability  and  reliability 
to  a  level  that  is  good  enough  for  most 
users.  The  ubiquitous  nature  of  Win¬ 
dows  means  that  it’s  the  platform  of 
choice  for  application  development  (I 
can’t  think  of  a  mission-critical  appli¬ 
cation  that  isn’t  on  the  Windows  plat¬ 
form),  and  every  PC  in  the  past  four 
years  has  fully  supported  Windows 
with  the  appropriate  hardware  drivers. 

The  ubiquitous  nature  of  Windows 
means  that  it’s  hard  for  other  platforms 
to  gain  an  advantage.  Both  Linux  and 
Mac  OS  have  their  adherents,  as  well 
as  their  uses  within  business  comput¬ 
ing.  But  Linux  still  lacks  the  breadth  of 
applications  (it’s  notably  lacking  a  ver¬ 
sion  of  Microsoft  Office)  and  overall 
hardware  compatibility,  and  Mac  OS 
limits  user  choice  to  Apple  hardware. 

But  this  isn’t  necessarily  good  news 
for  Microsoft.  Business  users  have  very 
different  needs  from  consumers,  and 
much  of  the  recent  XP  evolution  has 
been  consumer-focused  and  related  to 
media  and  entertainment  features.  So 
Microsoft  is  going  to  have  a  challenge 
of  its  own.  Whenever  Longhorn  ships, 
the  company  for  the  first  time  will  con¬ 
front  a  problem  that  its  competitors 
have  faced  over  the  years:  how  to  get 
users  to  move  off  what  is  perceived  as 
a  stagnated  and  boring  platform  that  is 
good  enough  for  business  use.  The 
competition  is  going  to  have  a  chance 
to  woo  customers  from  Microsoft,  and 
that’s  why  now  is  the  time  to  be  think¬ 
ing  about  your  operating  system  plans 
two  to  three  years  out.  ©  53499 


DAN  GILLMOR 


High  Tech 
Meets  the 
High  Court 


ON  MARCH  29,  two 

cases  went  before  the 
U.S.  Supreme  Court 
for  oral  arguments.  One, 
about  computer  file  sharing, 


was  important  and  widely  covered. 
The  other,  about  an  Internet  service 
provider’s  fight  with  a  cable  company, 
was  less  celebrated  but  in  the  end  may 
have  an  even  greater  impact. 


The  first  case  —  Metro- 
Goldwyn-Mayer  Studios 
Inc.  vs.  Grokster  Ltd.  —  is 
the  entertainment  indus¬ 
try’s  latest  challenge  to 
peer-to-peer  software.  It’s 
also  a  dagger  aimed  at  the 
heart  of  innovation,  and  the 
IT  world  will  be  among  the 
losers  if  Grokster  loses. 

In  a  nutshell,  MGM  and 
its  allies  in  the  entertain¬ 
ment  industry  and  else¬ 
where  say  that  Grokster  is 
basically  little  but  an  instru¬ 
ment  for  copyright  infringe¬ 
ment.  Grokster  and  its  allies 
point  out  that  P2P  technolo¬ 
gy  has  many  legitimate  uses,  including 
the  affordable  distribution  of  nonin¬ 
fringing  digital  videos  and  other  con¬ 
tent  that  would  be  prohibitively  expen¬ 
sive  to  deliver  via  standard  systems. 

Grokster  won  in  lower  courts,  which 
based  their  decisions  on  the  crucial 
1984  Sony  Betamax  case.  In  that  one, 
the  Supreme  Court  ruled  (by  the  thin¬ 
nest,  5-4  margin)  that  VCRs  couldn’t 
be  sued  out  of  existence  just  because 
they  might  (and  would)  be  used  by 
some  people  for  infringement.  The  de¬ 
vices  had  substantial  legitimate  uses, 
too,  the  court  ruled. 

That  precedent  has  served  us  well.  It 


has  particularly  served  the 
movie  industry,  by  opening 
up  a  vast  new  market  for 
movies  sold  on  videotape. 

If  the  court  overturns  the 
Betamax  case  or  gives 
MGM  and  its  allies  what 
they  want,  technological 
innovation  will  take  a  big 
hit.  If  venture  capitalists 
and  tech  companies  have 
to  beg  for  permission  from 
one  greedy  and  unscrupu¬ 
lous  industry  before  daring 
to  innovate,  the  rest  of  us 
will  be  poorer  for  that 
process. 

Overshadowed  by  the 
Grokster  case  that  day  was  the  FCC  vs. 
Brand  X  Internet  LLC. 

Brand  X  is  an  Internet  service  pro¬ 
vider  in  Santa  Monica,  Calif.,  that  was 
refused  permission  to  interconnect 
with  the  local  cable  company’s  lines. 
The  case  reached  the  high  court  when 
an  appeals  court  overturned  the  Feder¬ 
al  Communications  Commission’s 
classification  of  cable  Internet  access 
as  an  information  service,  which  is  ba¬ 
sically  unregulated,  and  called  it  a 
telecommunications  service. 

Service  providers  flourished  —  the 
Internet  flourished  —  in  their  early 
years  because  phone  companies,  then 
the only access points, can’t refuse to
complete  anyone’s  call  to  anyone  else’s 
lines.  The  FCC’s  classification  gives 
the  cable  companies  the  right  to  refuse 
carriage,  and  the  FCC  has  also  moved 
to  give  phone  companies  the  right  to 
control  the  content  of  their  high-speed 
data  pipes.  This  is  dangerous. 

Part  of  the  problem  in  this  case  is 
that  the  old  classifications  make  little 
sense  in  a  world  where  data  —  packets 
—  is  the  medium  for  everything.  We 
don’t  want  intrusive  regulation  of  what 
we  can  say  and  do  online. 

But  we  are  also  moving  into  a  world 
where  a  typical  community  will  have 
only  one  or  two  providers  of  high¬ 
speed  data  access:  phone  and  cable.  If 
those  providers  are  permitted  to  lock 
out  competitors  on  the  content  side, 
they  will  have  achieved  a  media  consol¬ 
idation  that  makes  today’s  look  tame. 

The  fabled  “last  mile”  of  Internet  ac¬ 
cess  is  a  choke  point  of  serious  value. 
The  cable  and  phone  industries  that 
control  that  last  mile  have  insisted  that 
they  wouldn’t  abuse  their  power,  but 
we  can’t  trust  these  monopolists  to 
behave  well.  ©  53544 
Editorial Draws Responses in Favor of IT Farmsourcing


After  spending  90%  of  his 

words  convincing  us  that  he 
supports  “farmsourcing,”  Don  Ten¬ 
nant  asserts  that  sending  IT  work 
to  rural  areas  of  the  U.S.  because 
they’re  more  familiar  than  offshore 
locales  flies  in  the  face  of  lofty  goals 
- multiculturalism and globalization
[“IT Inbreeding,” QuickLink 53377].
Face  it:  The  only  reasons  to  send 
IT  services  offshore  are  to  lower 
costs  and  to  use  the  investment  in 
another  nation  to  help  lever  open 
new  markets.  I  simply  don’t  believe 
that  any  offshoring  decision  is 
made  to  support  multiculturalism 
and  globalization. 

On  the  other  hand,  one  of  the 
hidden  costs  of  offshoring  often 
noted  in  Computerworld  is  over¬ 
coming  differences  in  language  and 
culture.  If  the  gentleman  from  Opti¬ 
mal  Solutions  Integration  who  was 
cited  in  the  editorial  sees  an  advan¬ 
tage  in  farmsourcing,  I  believe  he  is 
demonstrating  a  solid  understand¬ 
ing  of  the  total  cost  picture.  As  far 


as  farmsourcing  possibly  being  “un¬ 
healthy  inbreeding,”  the  U.S.  is  the 
most  multicultural  and  multiracial 
nation  on  earth.  Is  offshoring  really 
the  only  way  we  can  interact  with 
these  diversities? 

Tom  Unkefer 
IT  management 
consultant,  Cleveland, 
tunkefer@sbcglobal.net

“RUSTIC”? “Hinterland”?
“Inbreeding”? That’s three
derogatory  references  based  on  sil¬ 
ly  stereotypes  that  many  people  on 
the  coasts  seem  to  have  about  the 
rest  of  the  country. 

Tim  Hack 
Underwood,  Iowa 

AT  THE  RISK  OF  being  labeled  a 
“livid  offshore  outsourcing  foe,” 

I  must  admit  that  I  disagree  with 
Tennant’s  comments.  I  agree  that 
we  have  a  world  economy  that  can¬ 
not  be  ignored  if  a  business  is  to 
grow  and  prosper.  However,  IT  isn’t 


the  best  place  to  gain  exposure  to 
different  cultures  and  global  market¬ 
places.  Make  that  the  realm  of  the 
marketing  people,  not  the  IT  group. 
A  company’s  IT  organization  con¬ 
tains  processes  critical  to  the  firm's 
success.  To  go  overseas  and  ex¬ 
pose  the  company  to  possible  prob¬ 
lems  with  leakage  of  critical  infor¬ 
mation  or  misinterpretation  of  a 
project's  goals  and  processes 
seems  ridiculous  when  a  suitable 
alternative  exists  in  the  U.S. 

Allan  C.  True 

Senior  computer  engineer, 
Grand  Haven,  Mich., 
atrue@yahoo.com 

I WORK FOR a multicultural company and enjoy the opportunities that having access to such a culture brings. However, many of my company’s clients are very focused on events and cultures in the U.S. Telling them that their business is suffering because they don’t have exposure to Chinese or other cultures is laughable at best. Just because outsourcing is good for one company doesn’t mean you should disparage other companies that choose not to go that route. To do so is to become a multicultural elitist incapable of seeing value in nondiversity. This is every bit as destructive as the ethnocentric business person that Tennant disparages.

J.  Alan  Brown 
Systems  engineer, 

Rising  Fawn,  Ga. 
Farmsourcing

SO TENNANT THINKS companies are outsourcing overseas because they want to increase cultural awareness and get diversity points? How absurd. It’s about the cost savings.
Andy  Jensen 
Portland,  Ore. 

Many companies outsource back-office functions, which aren’t viewed as adding value to the companies’ success. In these situations, having cross-cultural relations won’t add to the knowledge base of the corporation at all.

Doran  Boroski 
Elmhurst,  III. 

AS AN academician-turned-IT-manager, I appreciate the concept of diversity; it is something we work hard at in the university environment. And diversity is totally appropriate and desirable in the global marketplace of ideas. However, I’m at odds with Tennant on two points: 1) When I call for computer support, I’m looking for facts, not ideas, and I want an understandable dialect on the other end of the telephone, no matter where the support person is sitting; and 2) for those of us living here in what is an economically underdeveloped region of the U.S., the concepts embedded in “farmsourcing,” as you call it, make complete sense, especially since our economy was based largely on tobacco, which is going the way of our furniture and textile industries.

Furthermore, farmsourcing is not necessarily an exercise in inbreeding; a strong regional IT industry would attract staff from a wide variety of backgrounds and locations, particularly if centered around a university as Catherine White proposes. We have students from 48 states and 60 countries; I’d say that represents significant diversity.
Jack  Brinn 

Interim  CIO,  East  Carolina 
University,  Greenville,  N.C., 
brinnj@mail.ecu.edu 


Fundamentally, either one is opposed to globalization and outsourcing of American jobs, or one is not. I am opposed. The downside of globalization is a dilution of individual cultures and beliefs. I understand that we live in a global economy, but we do not have to live in a diluted global culture. I live in the most powerful and economically stable free society in the world, and I want to keep it that way.


I see the outsourcing of our most critical and important jobs as moving the economic and intellectual power base out of our country. What a wonderful thing it would be to offer a “Silicon Valley opportunity” to Americans who by choice or birth live in an area of the country that was not blessed with wealth but by agriculture, property and community. Farmsourcing sounds like a great way to provide jobs to fellow Americans.

Marcia  Wilson 
Reno,  Nev. 


I QUESTION WHETHER offshore outsourcing is the best vehicle for gaining exposure to other cultures and markets. I’m sure there are many ways to acquire diversity, if diversity is what your customers, shareholders and employees need, but I don’t think companies should go out and globalize themselves just for the sake of ivory tower ideals. Also, there’s a whole lot to be said for a business plan that values the culture that it operates in.

Cathy  Taddei 
Portland,  Ore. 


FUTURE WATCH

Bulletproof  Storage 

IBM  is  developing  storage 
systems  that  are  designed  to 
repair  themselves  or  be  left 
unrepaired  without  jeopardizing 
data.  Page  34 


Data  Warehouse  Boost 
On  a  Budget 

Start-ups  with  new  products  that 
increase  performance  for  ad  hoc 
queries  while  lowering  costs  are 
challenging  established  data- 
warehouse  vendors.  Page  30 


SECURITY  MANAGER’S  JOURNAL 

HIPAA  Compliance  in 
30  Days  or  Less 

With HIPAA’s deadline fast approaching, C.J. Kelly decides that the information security officer in charge of complying with the security rule needs an assist. Page 36


Companies are finding that securing the network periphery is not enough and are adding measures to directly protect data.

By Jaikumar Vijayan

AS AN ORGANIZATION that is mandated by law to comply with data privacy and security regulations, The Henssler Financial Group has implemented all of the usual technologies, such as firewalls and intrusion-detection systems, to protect its perimeters and networks.

About two years ago, the Marietta, Ga.-based company decided to augment its security measures by deploying a data-auditing tool from Acton, Mass.-based Lumigent Technologies Inc. behind its firewalls.

Lumigent’s Entegra product allows Henssler to monitor data access, changes and views, and modifications to its SQL Server database structure.

The tool is crucial to ensuring the integrity of the company’s stored content, says Chief Technology Officer Tim O’Pry.

“As a financial services company, if someone does something they are not supposed to, we need to know that,” O’Pry says. An auditing tool such as Entegra allows Henssler to detect all database-related activity “regardless of what someone might do” to conceal that, he says.

PROTECTING DATA AT REST

ENCRYPTION

File-level encryption: Allows companies to protect data on backup tapes and disk arrays. Prevents data compromise resulting from tape theft or accidental loss.

Database column-level encryption: Offers more-selective encryption of confidential data contained within specific columns in a database.

Hard-disk encryption: Secures data on PCs, laptops and handhelds.

ACCESS CONTROL AND AUDITING

Protects data by identifying vulnerabilities and monitoring data access, changes and views, and modifications to database schemas and structures.

Increasing concerns over data loss and compromise are pushing companies such as Henssler to consider measures for securing hitherto unprotected data lying in storage networks and databases. The trend marks a shift from the traditional approach of deploying purely network- and perimeter-oriented defenses.

Driving the trend are privacy regulations that require companies to demonstrate due diligence when it comes to protecting data, such as the Health Insurance Portability and Accountability Act (HIPAA) and California’s SB 1386 database-breach notification law.

Continued  on  page  28 
Companies have a variety of technology approaches to choose from for protecting data at rest, according to IT managers, analysts and vendors.

The choice you make depends on the sort of threats that you need to protect against and how much you’re willing to invest, says Margarita Muratova, database administrator at RSM Richter.

For instance, there are several options available to cryptographically protect sensitive data.

File-level encryption products, such as Decru Inc.’s DataFort and NeoScale Systems Inc.’s CryptoStor, allow companies to protect data stored on off-line backup tapes in addition to storage-area network and network-attached storage systems. Such products offer wire-speed encryption and decryption of data on its way in and out of storage systems.

Other database encryption products, such as SecureDB from nCipher and DbEncrypt from Application Security, provide more granular column-level protection within a database. The products enable companies to encrypt data contained within specific columns, such as credit card numbers, Social Security numbers or information about patients in hospitals or clinics.

Some products, such as Vormetric Inc.’s CoreGuard system, combine data encryption functions with context-based access control and auditing capabilities.

In addition to data encryption technologies, several of the products available today let companies manage, monitor and audit access to content stored in databases.

Since the goal is to control data usage at the core, most products are geared toward helping companies identify software vulnerabilities as well as monitor and audit data access and user behavior.

For instance, Lumigent Technologies’ Entegra and Guardium Inc.’s SQL Guard are data-auditing products designed to help companies maintain a trail of activity, including data access, changes and views, and changes to database structures.

Tizor Systems and IPLocks Inc. sell data-auditing products that also feature activity monitoring and user behavior monitoring functions that alert administrators to suspicious behavior.

- Jaikumar Vijayan


Continued  from  page  25 

A less-stated yet equally important reason for the increased focus on data protection is that traditional network perimeters have begun to fade away. As companies use the Internet to link up with partners, suppliers and customers, the notion of a clearly definable network edge has fallen by the wayside. The trend is prompting greater scrutiny of technologies for protecting stored data.

Also fueling concerns are incidents such as the recent string of high-profile security breaches at ChoicePoint Inc., Bank of America Corp. and LexisNexis, each of which resulted in the compromise of large volumes of confidential data.

“There are massive piles of sensitive data in storage networks and databases that have gone largely unprotected,” says Richard Moulds, a director at nCipher Corp., a vendor of encryption products in Cambridge, England.

Companies have myriad ways to try to protect such data, including measures for access control, activity monitoring and auditing, as well as encryption of sensitive information, says Richard Mogull, an analyst at Stamford, Conn.-based Gartner Inc.

Prat Moghe, president of Tizor Systems Inc., agrees. “In terms of security technologies, there are many different approaches to this problem,” says Moghe, whose Maynard, Mass.-based start-up offers a data-access auditing tool similar to Lumigent’s.

“Like any security problem, there is no one approach that is the best,” he says. “But every approach helps eliminate a certain kind of risk and helps complement another approach.”

For instance, Lumigent’s technology allows Henssler to audit database activity better than the “triggers” that can be written to capture updates, inserts and deletes to databases, O’Pry says.

Triggers can sometimes impose a heavy performance and storage burden on companies that have very large databases and high transaction volumes, he says. Entegra instead uses data agents to audit target servers. The agents harvest information about all activity that is going on inside the database and generate alerts or reports based on preconfigured rules or policies, O’Pry says. The reports can then be archived according to a company’s needs.
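The trigger approach O’Pry contrasts with agent-based auditing, as an added example that is not from the article or from any vendor named in it: hand-written audit triggers on one table, run in Python’s built-in sqlite3 so it works offline. The `accounts` and `audit_log` tables and all rows are constructed for illustration, and SQLite’s trigger syntax stands in for SQL Server’s, which differs.

```python
import sqlite3

# Constructed schema: one business table plus the audit table the triggers fill.
SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance INTEGER NOT NULL
);

CREATE TABLE audit_log (
    seq        INTEGER PRIMARY KEY AUTOINCREMENT,
    at         TEXT DEFAULT CURRENT_TIMESTAMP,
    action     TEXT NOT NULL,
    row_id     INTEGER NOT NULL,
    old_values TEXT,
    new_values TEXT
);

-- One trigger per write operation; each fires once per affected row.
CREATE TRIGGER accounts_ins AFTER INSERT ON accounts
BEGIN
    INSERT INTO audit_log (action, row_id, new_values)
    VALUES ('INSERT', NEW.id, NEW.owner || '|' || NEW.balance);
END;

CREATE TRIGGER accounts_upd AFTER UPDATE ON accounts
BEGIN
    INSERT INTO audit_log (action, row_id, old_values, new_values)
    VALUES ('UPDATE', NEW.id,
            OLD.owner || '|' || OLD.balance,
            NEW.owner || '|' || NEW.balance);
END;

CREATE TRIGGER accounts_del AFTER DELETE ON accounts
BEGIN
    INSERT INTO audit_log (action, row_id, old_values)
    VALUES ('DELETE', OLD.id, OLD.owner || '|' || OLD.balance);
END;
"""


def open_audited_db():
    """Return an in-memory database with the audit triggers installed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def audit_rows(conn):
    """Number of rows currently held in the audit table."""
    return conn.execute("SELECT COUNT(*) FROM audit_log").fetchone()[0]


def run_demo():
    conn = open_audited_db()

    # Constructed workload: 100 inserts, one bulk update, one bulk delete.
    conn.executemany(
        "INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
        [(i, f"client-{i}", 1000) for i in range(1, 101)],
    )
    conn.execute("UPDATE accounts SET balance = balance + 1")  # touches 100 rows
    conn.execute("DELETE FROM accounts WHERE id <= 10")        # touches 10 rows

    by_action = dict(
        conn.execute("SELECT action, COUNT(*) FROM audit_log GROUP BY action")
    )
    data_rows = conn.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]
    logged = audit_rows(conn)

    # Gap 1: there is no trigger event for reads, so views of data leave no trail.
    conn.execute("SELECT owner, balance FROM accounts").fetchall()
    reads_logged = audit_rows(conn) - logged

    # Gap 2: the trail depends on the trigger existing. Once an account with
    # schema rights removes it, later changes are not recorded at all.
    conn.execute("DROP TRIGGER accounts_upd")
    conn.execute("UPDATE accounts SET balance = 0 WHERE id = 11")
    after_drop_logged = audit_rows(conn) - logged

    conn.close()
    return {
        "by_action": by_action,
        "data_rows": data_rows,
        "audit_rows": logged,
        "reads_logged": reads_logged,
        "after_drop_logged": after_drop_logged,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Every write costs a second write, so the audit table ends up larger than the table it watches, while reads and changes made after the trigger is removed never appear in it.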

Other companies are using automated tools to try to stay on top of vulnerabilities in their database technology that could be exploited by hackers.

“The biggest problem we have right now is with HIPAA,” says Mark Maher, security administrator at Ochsner Clinic Foundation, which operates 24 health care clinics in the New Orleans area.

“We have between 12 and 20 databases that hold extremely sensitive information and which various applications need to access,” Maher says. “We need to ensure that only the correct information is accessed.”

To do this, Ochsner is using AppDetective from New York-based Application Security Inc. to scan its database environment for known vulnerabilities and to do penetration tests with simulated attacks. AppDetective also provides an auditing function that lets Ochsner verify the robustness of usernames and passwords of people who have access to databases.

“We have tried to secure things as much as possible” at the database level, says Maher. AppSecure’s technology allows Ochsner to see just how effective those measures are, he says.

AppSecure products are designed to protect Oracle, Microsoft SQL Server and Sybase database environments, according to the vendor.

Handle With Care

Encryption is another core strategy for protecting stored content, but it has to be applied with care, says Gartner’s Mogull. There are several products on the market today, so companies have a variety of encryption options. Some tools allow companies to encrypt all the data that’s resting in storage tapes and disk arrays. Others allow for more selective file-level encryption, and some offer column-level protection within the database.

Whatever the scenario, it’s important for companies to realize that encrypting everything everywhere is unnecessary and can result in increased complexity and serious performance problems, Mogull says.

“Use encryption to protect only data that moves, physically or electronically, or to enforce segregation of duties for administrators,” Mogull wrote in a Gartner report released in February.

Another area where encryption can be used is on mobile devices. The proliferating use of notebooks and handheld devices makes encryption a must, says Randy Maib, senior IT consultant at Integris Health Inc. in Oklahoma City.

The health care organization has started using technology from Dallas-based Credant Technologies Inc. to protect content on about 1,000 personally owned and company-issued handhelds, even though it has no formal set of policies relating to their use.

Credant’s Mobile Guardian software is designed to let companies protect content on handhelds that are used by multiple people — such as a device that’s used to input patient information in a hospital or clinic. The technology features access-control, data-encryption and user-permission functions that ensure that each user has access to only the content he’s authorized to view.

The tool also automates the discovery of new and unauthorized handhelds that are connected to a corporate network and enforces compliance with security policy, Maib says. A centralized administration function allows Integris to create audit logs and reports related to the security status of the devices used within its networks.

Such capabilities are crucial in an environment where an increasing number of physicians have begun storing sensitive patient information on their handhelds, Maib says.

“Any device that wants to synchronize with our network would need to have [Credant’s software],” he says.

Jason Jaynes, director of product management at Credant, says the company is seeing increasing demand from users such as Integris.


Not all data protection tools are designed to secure data at rest. Several content-monitoring tools are available to help companies ensure the security and privacy of confidential data as it traverses the corporate network.

For instance, vendors such as Vontu Inc. and Vericept Corp. offer tools that allow companies to monitor all network traffic, including e-mail, instant messaging, Web mail and Web postings, to ensure that confidential data isn’t being misused.

On a hospital network, these types of tools could be used to flag all communications that include unencrypted patient information, such as account numbers, medical information or payment histories, and store them for later review and action.

Vendors such as Authentica Inc. and SealedMedia Inc. offer enterprise rights management technologies that protect confidential data by controlling who can view, print, edit, forward or delete protected content.

Meanwhile, IBM’s Tivoli Privacy Manager offering features a function designed to let companies monitor and enforce compliance with data privacy policies at the transaction and application levels. It gives users a way to centrally create, edit, manage and audit policies that dictate which information is accessed, by whom it is accessed, the purpose for which it is accessed, and how it is shared, stored and destroyed.

- Jaikumar Vijayan


“As many as 40% of business users have lost a mobile phone, and 25% have lost a PDA in an airport or a taxicab,” Jaynes says. “That’s a problem when you couple that with the fact that less than 10% of such users have taken measures for protecting” the content on their systems, he says.

When measures are taken, automated database-level protection tools allow companies to keep track of database changes better than homegrown approaches can, says Margarita Muratova, database administrator at Calgary, Alberta-based RSM Richter LLP, one of Canada’s largest independent accounting firms.

The company is using Lumigent’s tools to monitor and audit activity across its SQL Server database environment. It has encrypted confidential data in its core human resources database with a product called DbEncrypt from AppSecure. And AppSecure’s AppDetective allows Richter to locate vulnerabilities and software misconfigurations and to apply patches and updates if they’re available.

The tools “take a bit of space, memory and processing capacity,” says Muratova. “But it’s been worth it,” in terms of the content-level protection they provide, she says. “We can see who selected data from which table and why this person looked at the data and what they did with it,” she explains.

Ultimately, the key to protecting stored content is to apply the same access-control, monitoring and incident-response approaches that companies have used for years to protect their perimeters and networks, says Ted Julian, vice president of marketing at AppSecure.

“There is no silver bullet here,” says Julian. “Bringing security to stored data needs to be part of building a layered defense. But we don’t have to reinvent the wheel. We know what the methodology needs to be. We just need to know how to apply it to this area.”

Start-ups are challenging established data warehouse vendors with products that increase performance for ad hoc queries but cost less. BY ROBERT L. MITCHELL

WHEN PREMIER INC.’S medical databases began bogging down last year, the San Diego-based provider of clinical data put its data warehouse in a box — literally.

Premier sells access to clinical data it gathers from 400 hospitals to pharmaceutical manufacturers. Last year, the company’s IBM Red Brick data warehouse had grown to 3TB, and one table included 3 billion entries. “When you go through 3 billion rows of data, you get long runtimes,” says Chris Stewart, director of data warehouse architecture.

The problem wasn’t just the size of the database, however, but how clients used the data. “Our users want to access all of the data from top to bottom,” says Stewart, and the complex, multipass queries created by Premier’s 4,000 users each week were slowing performance. Some wouldn’t run at all.

Instead of adding to its 24-processor Solaris server infrastructure or making further attempts to optimize the database, Stewart brought in an all-inclusive data warehouse appliance from Netezza Corp. in Framingham, Mass. Some calculations that took one or two days now finish in six to eight minutes on the appliance’s 108 processors. Premier still uses Red Brick for most queries, but the NPS 8150 appliance handles the “really, really ugly questions” that weren’t possible to process before, he says. “We couldn’t offer the product offerings we do today” without the appliance, Stewart says.

As data warehouses continue to grow, more users are demanding access to business intelligence (BI) tools to conduct data-mining exercises across large data sets. “We’re talking about using every single call-detail record generated in the last three years,” says Claudia Imhoff, president of Intelligent Solutions Inc., a consulting firm in Boulder, Colo. It’s hard for database administrators (DBA) to create aggregations of data, such as summarizations, that can facilitate the processing of these complex queries because users often don’t know in advance what they’re looking for. “These unplanned questions are the ones that knock the stuffing out of databases,” she says.

But such queries are increasingly seen as business-critical, says William Fellows, an analyst at The 451 Group in New York. “The problem of querying data sets that are growing at over 100% a year has led to what might be called a data warehouse capability gap,” he says. While market leaders like Teradata, a division of NCR Corp. in Dayton, Ohio, offer integrated systems to address this for high-end applications, Netezza and others are jumping in with moderately priced systems that don’t require the same high-end hardware and software investments as those from IBM, Oracle Corp. and Teradata.

It’s an interesting trend but still a small part of the $16 billion market for data warehouse hardware and software, says Dan Vesset, an analyst at IDC.

SMALL PLAYERS, BIG DATABASES

Some start-ups offer only software, while others include software and hardware in a single bundle or appliance. But all use a parallelization scheme that involves symmetric multiprocessing or a massively parallel processing architecture. Designs vary, but all are based on the partitioning of data across servers — something Teradata has been doing for years, says Fellows. “There’s nothing new under the sun in terms of approach here except packaging and price,” he adds. While Netezza and competitors like to position themselves against Teradata, the company still dominates on the high end, he adds.

Netezza’s NPS appliance abandons database indexes in favor of direct table scans, using brute-force processing to get the job done. The system includes its own database, with specialized field-programmable gate array (FPGA) logic that links processors and storage to speed up I/O. A system comparable to Premier’s, with 4.5TB of disk space, sells for “a little more than a million dollars,” says Netezza CEO Jit Saxeena.

By dumping the indexes, Premier’s database dropped from 3TB to 1TB. The system is sufficiently fast that Stewart now uses the appliance to both process queries and build the data-aggregation tables that he loads into the Red Brick data warehouse.

Start-up Calpont Corp. in Rockwall, Texas, is developing a similar appliance that hard-codes the database on an FPGA chip. Because it will store the data on a solid-state disk, or synchronous dynamic RAM, however, it will be targeted at smaller data sets. A 128GB box capable of supporting 40GB to 50GB of data will have a price tag in the “couple hundred-thousand dollar range,” says CEO Jim Janicki. “We wanted a brute-force engine to handle everything we could throw at it,” he says of the device, which is scheduled to ship by midyear.

Datallegro Inc. in Aliso Viejo, Calif., is rolling out a turnkey system that functions much like the Netezza appliance, but it’s built using off-the-shelf components. “We’re taking standard, commodity servers with an open-source database,” says CEO Stuart Frost. Datallegro’s 3TB P3000 includes 21 dual-Xeon-processor servers, each connected to 12 Western Digital Corp.
DATA WAREHOUSE ACCELERATION APPLIANCES

WHAT THEY ARE
■ Stand-alone, integrated systems designed to support ad hoc queries for business analytics and decision support. The systems require no tuning and are ready to go - just add data.

HOW THEY WORK
■ All designs are based on research done at the University of Wisconsin in the mid-'80s on partitioning of data on servers, says William Fellows, an analyst at The 451 Group. Data is segmented, queries are parallelized, and a symmetric multiprocessing or massively parallel processing system executes the pieces of the query in parallel to return results more quickly.

Hardware-based data warehouse acceleration appliances like those from Netezza and Datallegro abandon the use of the database index in favor of direct table scans and use parallelization and raw processing horsepower to process the query. Netezza attempts to shorten the path between the query and the result by placing processors next to each storage device within the appliance.

By contrast, a traditional query goes first to the database management system and then through the operating system to read the indexes. Only after the indexes are searched is the data retrieved from disk. Systems may consist of an all-in-one hardware appliance or an integrated turnkey system.

BENEFITS
■ The appliances cost less than using enterprise data warehouses for this purpose, are easier to use and manage, and can make data or data subsets available to a broader range of people than would otherwise be possible.

For example, an IT organization could spin off a subset of data and make it available via the appliance to a group or department. Users can then query the system independently, without the need for the database tuning and optimization that would normally tie up a database administrator. “Appliances are self-contained, plug-and-play solutions, so there is a lot less baby-sitting by
the  IT  department,"  says  IDC  analyst  Dan 


Vessett.  A  typical  application  for  data  ware¬ 
house  appliances  would  be  as  a  mechanism 
to  query  call  center  call-detail  records. 

CAVEATS 

■  The  appliances  won’t  handle  the  same  lev¬ 
els  of  data  supported  in  an  enterprise  data 
warehouse.  An  integrated  decision  support 
database  system  from  Teradata  will  support 
a  petabyte  vs.  27TB  for  Netezza's  appliance. 
3TB  for  Datallegro's,  1.5TB  for  Metapa's  and 
128GB  for  Calpont’s  appliance,  which  uses  a 
solid-state  disk.  Each  appliance  also  requires 
its  own  local  copy  of  the  data,  so  administra¬ 
tors  may  end  up  maintaining  multiple  in¬ 
stances  of  the  same  database. 

-  Robert  L.  Mitchell 


Raptor  drives,  and  will  sell  for 
$450,000  when  released  this  month. 
Frost  is  targeting  Oracle  customers 
with  databases  in  the  1TB  to  5TB  range 
and  up  to  300  concurrent  users. 

Metapa  Inc.  takes  a  similar  approach 
but  lets  users  buy  their  own  compo¬ 
nents  based  on  its  specification,  rather 
than  bundling  everything  together. 
Users  “can  assemble  systems  that  are 
just  as  fast  as  the  high-end  data  ware¬ 
houses  at  a  fraction  of  the  cost.  We 
don’t  believe  you  need  a  specialized 
ASIC  chip  to  get  there,”  says  Scott 
Yara,  founder  and  president  of  the  San 
Mateo,  Calif.,  start-up.  The  total  price, 
including  Metapa’s  Cluster  DataBase 
—  due  to  ship  in  the  second  quarter  —
and  required  hardware,  will  be  half  the 
cost  of  a  Netezza  appliance,  he  claims. 

Clareos  Inc.’s  CrossCut  software,  now 
available,  adds  yet  another  twist.  In¬ 
stead  of  using  database  tables,  it  com¬ 
bines  a  BI  reporting  tool  with  a  spread¬ 
sheetlike  data  model  that  creates  a 
single,  flat  file  of  rows  and  columns. 

“The  next  generation  of  BI  tools  will 
have  a  flat  file  structure  that  will  be 
very  fast,”  predicts  Steve  Foley,  CEO  of 
Herndon,  Va.-based  Clareos.  CrossCut 
software  and  recommended  hardware 
to  process  146GB  of  data  costs  about 
$65,000.  But  the  product  differs  from 
products  like  Netezza’s  in  one  key  re¬ 
spect:  CrossCut  is  a  read-only  database 
that  doesn’t  provide  update  capability,
Foley  says.  Competitors  that  use  vec¬ 
tor-based  processing  to  support  a  real¬ 
time  decision-making  application  in¬ 
clude  Alterion  Inc.  and  Aleri  Inc.,  says 
Fellows  at  The  451  Group. 

By  contrast,  Teradata’s  integrated 
systems  connect  clusters  of  high-per¬ 
formance  servers  using  a  proprietary 
high-speed  interconnect  called  Bynet 
and  store  data  in  a  Fibre  Channel  stor¬ 
age-area  network.  The  vendor  focuses 
on  allowing  large  numbers  of  concur¬ 
rent  queries  in  a  mixed-workload  envi¬ 
ronment  and  supports  “active  data 
warehousing,”  where  databases  are 
continuously  updated,  says  Stephen 
Brobst,  chief  technology  officer.  He 
sees  the  start-ups’  products  as  best
suited  for  single-function,  low-end 
data  marts  and  cautions  that  “data 
marts  end  up  replicating  data.” 

But  that’s  a  trade-off  users  may  be 
willing  to  make  when  cost  is  a  factor. 
“With  an  IBM  or  Teradata  solution, 
your  scalability  is  in  large  chunks,” 
says  the  vice  president  of  infrastruc¬ 
ture  at  a  large  financial  services  com¬ 
pany  that’s  beta-testing  a  Datallegro 
system.  The  incremental  cost  for 
adding  capacity  to  an  appliance  can  be 
a  small  fraction  of  what  it  costs  to  up¬ 
grade  his  Sun  Microsystems  Inc.  sys¬ 
tem.  He  is  cautious  about  buying  from 
a  small  vendor,  but  adds,  “If  they  can 
deliver  the  same  or  better  performance 
at  20%  of  the  cost  of  an  IBM  or  Tera¬ 
data  solution,  then  you  have  to  do  it.” 

Most  of  these  systems  take  a  black¬ 
box  approach  to  optimization,  which 
means  DBAs  can’t  do  any  tuning.  That 
paradigm  shift  may  be  the  toughest 
sell,  says  Intelligent  Solutions’  Imhoff, 
and  it’s  definitely  a  weakness  for 
Michael  Benillouche,  director  of  tech¬ 
nology  at  ACNielsen  Corp.,  who 
prefers  to  optimize  his  Oracle  data 
marts  (see  story  at  left). 

But  Premier’s  Stewart  sees  that  as 
an  advantage.  “My  DBA  staff  has  more 
time  for  development  instead  of  hand¬ 
holding  a  database.  We  don’t  need  to 
build  in  cycles  to  make  queries  go 
faster,”  he  says. 

In  traditional  systems,  ad  hoc 
queries  that  bog  down  the  data  ware¬ 
house  are  restricted,  says  Imhoff.  Now
IT  can  spin  off  a  subset  of  data  to  more 
groups  for  business  analytics  without 
supplying  DBA  resources.  “If  I  can 
bring  in  a  technology  that  doesn’t  re¬ 
quire  an  army  of  DBAs,  great  Scott, 
what  a  boost,”  she  says.


FOR  MICHAEL  BENILLOUCHE,
director  of  technology  and  IT  services  at 
ACNielsen’s  Paris  offices,  tuning  the  data¬ 
base  is  the  key  to  a  high-performance  data 
warehouse.  Benillouche’s  organization  has 
produced  thousands  of  data  marts  as  part 
of  a  project  he  calls  the  Data  Mart  Factory. 
His  group  takes  a  4TB  master  data  ware¬ 
house  that  includes  regularly  updated  data 
from  retailers  and  runs  it  through  a  system 
that  cranks  out  3,000  client-specific  data 
marts  that  ACNielsen  presents  to  1,000 
customers  in  the  retailing  and  consumer 
product  manufacturing  industries.  Each 
data  mart  is  refreshed  weekly. 

ACNielsen  uses  an  Oracle9i  data  warehouse
on  the  back  end  and  uses  DMExpress
data  transformation  software  from
Syncsort  Inc.  in  Woodcliff  Lake,  N.J.,  to  aggregate
data  for  output  into  individual  data
marts.  But  Benillouche  says  taking  advan¬ 
tage  of  Oracle-specific  optimizations  was 
the  key  to  good  performance.  The  project 
required  some  100  Oracle  programmers  for 
18  months.  He  says  he  couldn’t  get  those 
Oracle-specific  optimizations  if  he  used  a 
data  warehouse  appliance  like  Netezza’s 
that  supports  only  generic  interfaces  such 
as  SQL-92.  “If  you  properly 
tune  the  application  and  code, 
you’re  able  to  gain  by  a  factor  of 
100.  You  need  a  human  to  un¬ 
derstand  the  algorithm  of  the 
code  and  business  logic  to 
rewrite  it  better,  and  no  system 
can  match  that,"  he  says. 


But  Benillouche’s  customers  are  inter¬ 
ested  in  very  specific  subsets  of  data  and 
specific  aggregations.  If  you  can  build  the 
queries  beforehand,  investing  in  improving 
the  program  algorithm  and  low-level  data¬ 
base  programming  functions  and  calls 
makes  the  most  sense,  he  says.  But  users 
running  a  business  intelligence  tool  to  do 
ad  hoc  queries  to  a  data  warehouse  might 
fare  better  than  with  data  warehouse  appli¬ 
ances,  Benillouche  acknowl¬ 
edges.  If  the  SQL  queries  are  built 
on  the  fly,  and  you  have  no  control
over  them,  he  says,  “this  is
where  you  would  benefit  from 
a  Netezza  rather  than  a  standard 
Oracle/Unix  combination." 

-  Robert  L.  Mitchell

Managing  Expectations


Autonomic  computing  initiatives  moving 
ahead  steadily,  says  IBM’s  Alan  Ganek 


Autonomic  computing 
is  alive  and  well  as  an 
effort  to  increase  the 
self-managing  capabili¬ 
ties  of  systems,  accord¬ 
ing  to  Alan  Ganek,  IBM’s 
vice  president  of  auto¬ 
nomic  computing  and 
chief  technology  officer 
of  the  company’s  Tivoli 
Software  subsidiary.  Ganek  recently
discussed  new  directions
for  autonomics  with
Computerworld’s  Matt  Hamblen.

Two  or  three  years  into  autonomic 
computing,  is  it  a  success?  I  hear
customers  say  they  still 
don’t  understand  it. 

Autonomic  computing 
is  a  journey.  We’ve  gone 
from  something  where 
people  were  skeptical 
about  what  the  word 
autonomic  meant  to 
having  50  partners 
working  on  it.  Some 
choose  to  use  the  word  auto¬ 
nomic  in  marketing,  and  oth¬ 
ers  don’t. 

What  will  happen  next  in  auto¬ 
nomic  computing?  We  need  to 
expand  the  field  of  what
we’re  doing  already.  There 
are  a  number  of  components 
that  could  make  behavior 
more  coherent,  like  console 
and  monitoring  and  problem- 
determination  technology. 

Second,  there  is  more  and 
more  managing  of  system 
complexity  and  the  processes 
people  deal  with.  Over  the 
course  of  next  year,  we’ll  be 
working  very  hard  to  bring 
customers  an  approach  to 
managing  processes  across 
different  silos  that  they  have. 
You  have  your  management 
team,  your  security  and  net¬ 
work  management  team, 
which  operates  system  by  sys¬ 
tem.  We  want  to  change  that 
to  one  that  says,  “What  are  the
major  tasks,  availability,  end-
to-end  and  configuration  man¬ 
agement  and  release  manage¬ 
ment?”  and  take  those  tasks 
and  expand  that  to  a  clearer 
approach  for  customers  to 
manage  processes. 

Has  your  definition  of  autonomic 
computing  changed  in  the  past 
two  years?  Some  members  of 
the  press  overreact  to  the  idea 
of  autonomic  and  liken  it  to 
the  HAL  computer.  But  we’ve 
taken  a  very  pragmatic  ap¬ 
proach  to  it,  and  we’re  build¬ 
ing  up  capability  so  that  it  pro¬ 
vides  value  to  customers  as 
we  go  forward.  But  generally, 
this  is  a  genuinely  new  area  of 
research,  and  the  academic 
community  has  latched  on.  We 
now  have  international  con¬ 
ferences  sponsored  by  the 
best  and  brightest  devoted  to 
autonomics.


Autonomic  computing  is 
alive  and  well  and  delivering 
real  value  and  making  real 
progress.  We’re  providing 
pragmatic  instrumentation 
and  common  componentry  for 
IT  systems. 

Autonomic  is  all  about 
providing  increasingly  self¬ 
managing  capacity  to  IT  sys¬ 
tems  to  improve  the  balance 
for  what  people  do  and  what 
machines  do. 

Right  now,  people  do  error- 
prone,  tedious  work,  and  com¬ 
puters  can  do  a  lot  of  that  so 
people  have  higher-level  tools 
to  allow  them  to  be  creative. 
That’s the balance we’re shooting for.

Storage

Disk systems will repair themselves or can be left unrepaired for years.

By Lucas Mearian

YOU CAN FLY A TWO-ENGINE PLANE with one engine, but how many passengers
would want to be on it?

That’s the idea behind “bulletproof storage,” a concept that IBM has been
developing for two years and plans to begin unveiling incrementally over the
next one to three years.

“I think the basic idea we’re going after is we really want the storage
system to be something the customer just doesn’t worry about,” says Jai
Menon, an IBM fellow and chief technology officer of storage systems.

IBM’s technology initiative deals with fault tolerance in every part of a
storage system: disk, controller, network cards, power supplies and
software. By building more-robust storage systems that can defer replacement
of failed parts for up to three years because of redundant components, IBM
believes it can also eliminate many human errors that happen when failing
components are replaced.

WHAT IBM SEES

■ Storage arrays that can support up to three simultaneous disk failures
■ Support for multiple simultaneous controller failures
■ Software that can recognize code errors and repair them
■ Building systems that can defer replacement of failed parts for three years

A Matter of Time

According to Stanley Zaffos, an analyst at Gartner Inc. in Stamford, Conn.,
the bulletproof storage concept still has another five to 10 years before
it’s broadly embraced by users. But once it is, storage systems will require
less maintenance and, therefore, cost less to maintain.

“We know how to build very reliable code. We use appliances every day that
have software built into them that work forever: your automobile, your
calculator, the disk drive in your PC, your telephone,” Zaffos says.

But IBM is looking to attack far more complex systems than telephones or
calculators.

Under its bulletproof initiative, IBM is addressing disk-sector failures
that grow along with disk capacity. While disk capacities double every 12 to
18 months, uncorrectable read/write error rates haven’t improved, nor has
the probability of an uncorrectable error occurring on a disk read
decreased. There are more sectors on today’s disks and, therefore, a greater
chance of an uncorrectable error.

The answer, Menon says, is to create self-healing capabilities for storage
management software and more-robust RAID configurations.

IBM says that in about a year it will release storage systems that can
support three simultaneous disk-drive failures in a single array by
introducing additional parity disks into RAID configurations, offering many
times the resiliency of a RAID configuration with two parity disks. Today,
standard systems allow for only two disk failures.

But Zaffos argues that 80% of downtime today is caused by user error and
software failures, not hardware failures. He says that the failures
resulting from software are created by complexity and that there is an
almost infinite number of failures that can occur in a complex system.

IBM  is  addressing  those  code  fail¬ 
ures  with  a  software  project  called 
N-Version  Programming,  where  two 
pieces  of  code  in  the  same  application 
save  data  and  then  compare  the  data 
to  ensure  that  there  are  no  errors. 

In  N-Version  Programming,  two 
copies  of  data  are  protected  using  dif¬ 
ferent  means.  One  copy  might  be  pro¬ 
tected  by  standard  RAID-5  program¬ 
ming  coded  by  Programmer  A. 

The  second  copy  is  protected  by  a 
different  algorithm  coded  by  Program¬ 
mer  B.  That  way,  if  the  first  copy  gets 
corrupted  due  to  a  particular  bug  in 
the  program  written  by  Programmer 
A,  then  the  second  copy  can  be  used. 

“The  second  copy  may  have  its 
own  bugs,  but  they  will  manifest  in 
different  ways  at  different  times,  and 
when  they  do,  the  first 
copy  will  be  the  one 
which  is  good  and  which 
we  can  then  use,”  Menon 
says.  “It’s  kind  of  like 
having  a  second  person 
check  the  work  of  a  first 
person  and  keep  fixing 
it  whenever  it  finds  mis¬ 
takes.” 

One  way  IBM  plans  to 
detect  and  correct  cor¬ 
rupted  data  is  to  create 
more-resilient  storage 
software  with  repairable 
data  structures.  The 
code  checks  that  certain 
conditions,  which  are 
described  in  rules,  are 
met.  For  example,  in 
a  file  system  with  multi¬ 
ple  files,  the  sum  of  the 
space  taken  by  the  files 
plus  the  free  space  in  the  system  must 
be  equal  to  the  total  available  space. 
The  code  will  check  this  property 
automatically  at  various  times  and  use 
a  procedure  to  repair  and  fix  problems 
if  the  property  isn’t  met. 

In  this  case,  the  software  isn’t  check¬ 
ing  the  code  to  see  that  it’s  functioning 
properly  and  isn’t  checking  data  con¬ 
tents.  If  certain  properties  aren’t  met, 
the  software  knows  how  to  fix  the  data 
structures. 
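
The space-accounting rule described above, sketched as an added example (not IBM's code and not part of the original article): a toy volume checks its rules and, when one fails, rebuilds the derived free map from the file extents without reading file contents. The `Volume` class, the rule names and the injected faults are assumptions made for illustration.

```python
"""Rule-checked, repairable space accounting for a toy volume (illustrative)."""
from dataclasses import dataclass, field


@dataclass
class Volume:
    """File extents are treated as authoritative; the free map is derived state."""
    total_blocks: int
    files: dict = field(default_factory=dict)   # file name -> set of block numbers
    free: set = field(default_factory=set)      # blocks that no file owns

    def __post_init__(self):
        self.free = set(range(self.total_blocks)) - self.used()

    def used(self) -> set:
        """All blocks owned by at least one file."""
        return set().union(*self.files.values())

    def allocate(self, name: str, count: int) -> None:
        if count > len(self.free):
            raise OSError("volume full")
        taken = set(sorted(self.free)[:count])
        self.free -= taken
        self.files.setdefault(name, set()).update(taken)


# Each rule states a property that must hold; none of them reads file contents.
RULES = {
    "space-accounting": lambda v: len(v.used()) + len(v.free) == v.total_blocks,
    "free-not-allocated": lambda v: v.free.isdisjoint(v.used()),
    "free-in-range": lambda v: v.free <= set(range(v.total_blocks)),
}


def check(volume: Volume) -> list:
    """Return the names of the rules the volume currently violates."""
    return [name for name, holds in RULES.items() if not holds(volume)]


def repair(volume: Volume) -> list:
    """Rebuild the derived free map if any rule fails; return what was violated."""
    violated = check(volume)
    if violated:
        volume.free = set(range(volume.total_blocks)) - volume.used()
        still_broken = check(volume)
        if still_broken:
            # The authoritative extents themselves are bad: isolate, do not guess.
            raise RuntimeError(f"unrepairable: {still_broken}")
    return violated


def demo() -> dict:
    vol = Volume(total_blocks=16)
    vol.allocate("a.dat", 5)
    vol.allocate("b.dat", 3)
    results = {"clean": check(vol)}

    # Constructed fault 1: a buggy code path drops two blocks from the free map.
    for block in sorted(vol.free)[:2]:
        vol.free.discard(block)
    results["leak"] = repair(vol)

    # Constructed fault 2: a block still owned by a.dat lands on the free map.
    vol.free.add(min(vol.files["a.dat"]))
    results["double-booked"] = repair(vol)

    results["after"] = check(vol)
    results["free_blocks"] = len(vol.free)
    return results


if __name__ == "__main__":
    print(demo())
```

When the file extents themselves are inconsistent, `repair` raises instead of guessing, which keeps the failure confined to the volume that has it.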

But  don’t  expect  to  see  fruit  from 
N-Version  Programming  or  checkable 
data  structures  for  another  two  to 
three  years,  Menon  says. 

“At  some  point,  you’ll  have  to  accept 
that  the  way  these  things  are  built, 
there  will  be  some  things  that  fail,”  he 
says.  “You  have  to  be  able  to  isolate 
that  failure  to  a  small  part  of  the  sys¬ 
tem.  You  have  to  be  able  to  recover 
from  it  very  rapidly.”

IP  Conversion  Takes  Off  in  Vancouver


BY  MATT  HAMBLEN 

The  Vancouver  International 
Airport  Authority  in  British 
Columbia  has  just  completed  a 
four-year  project  in  which  a 
single  IP  network  was  built  to 
support  voice,  data  and  video 
airport  communications  sys¬ 
tems  that  used  to  run  on  30 
networks. 

One  of  the  biggest  chal¬ 
lenges  was  making  the  IP  con¬ 
versions  in  an  airport  that’s 
closed  only  three  hours  a  day, 
says  Kevin  Molloy,  CIO  and 
vice  president  of  simplified 
passenger  travel  at  the  author¬ 
ity.  “We  couldn’t  shut  down 
for  a  month  for  a  rollout,”  he 
says.  The  project,  estimated  to 
cost  about  $4  million  (U.S.), 
will  reduce  annual  network 
costs  for  22  airlines  and  the
Vancouver  airport  itself  by 
33%,  from  $7.5  million  down  to 
$5  million,  he  adds. 

The  most  recent  additions 
to  the  airport’s  IP  network 
were  1,100  IP  phones,  all  in¬ 
stalled  in  January,  that  are 
used  by  ticket  agents  and  air¬ 
port  workers,  Molloy  says. 

The  phones  and  the  IP  back¬ 
bone  are  all  provided  by  Cisco 
Systems  Inc.,  with  design  ser¬ 
vices  from  Vancouver-based 
Telus  Communications  Inc. 

Telus  and  Cisco  worked 
with  the  airport  to  set  up  a 
test  lab  to  ensure  that  the  IP 
phone  launch  went  smoothly, 
says  Judy  May,  industry  solu¬ 
tions  manager  at  Cisco. 

The  converged  network  has 
brought  together  seven  airport 
networks  and  23  networks
used  by  airlines,  Molloy  says. 
Some  of  the  functions  on  the 
new  network  serve  1,000 
closed-circuit  security  cam¬ 
eras  and  1,500  televisions,  as 
well  as  60  self-service  check¬ 
in  kiosks  inside  the 
airport  and  another 
20  at  hotels  and  con¬ 
vention  spots  in  Van¬ 
couver.  The  wireless 
baggage-security  rec¬ 
onciliation  system 
and  the  airport’s  pub¬ 
lic  Wi-Fi  hot  spots 
are  also  on  the  new 
backbone,  he  says. 

The  airport  author¬ 
ity  and  several  air¬ 
lines  created  the  common 
kiosks  by  following  an  inter¬ 
national  standard  used  by  sev¬ 
eral  kiosk  manufacturers,  Molloy
says.  The  kiosks,  which  are
shared  by  all  of  the  airlines, 
have  helped  convince  the  air¬ 
lines  to  give  up  their  networks. 

The  authority  was  able  to 
save  costs  by  consolidating  so 
many  networks,  and  it  could 
then  build  in  network  redun¬ 
dancy  and  split  the  network 
core  across  two  ter¬ 
minals,  Molloy  says. 
Every  edge  switch  is 
redundant,  and  phones 
and  check-in  counters 
are  wired  so  that  a 
disruption  of  the  net¬ 
work  on  one  side  of 
the  airport  will  knock 
out  only  every  other 
check-in  counter. 

In  addition  to  plans 
for  new  IP  phone  ap¬ 
plications,  the  authority  is 
weighing  wireless  voice  over 
Wi-Fi,  which  would  be  used 
by  airport  workers  carrying
cell  phones.  Molloy  estimates 
that  voice  over  Wi-Fi  could 
cut  $250,000  annually  from 
the  $400,000  spent  each  year 
on  cellular  service.  “That  ab¬ 
solutely  interests  us,”  he  says. 

The  IP  network  and  the 
common  kiosks  support  a 
range  of  new  value-added  ser¬ 
vices,  Molloy  says.  For  exam¬ 
ple,  automatic  border-patrol 
services  are  now  available  on 
the  kiosks,  which  are  fitted 
with  iris-scanning  cameras 
that  a  passenger  can  use  to  by¬ 
pass  long  customs  lines  once 
an  initial  background  photo 
and  security  check  have  been 
logged  into  the  system.  Al¬ 
ready,  4,000  passengers  have 
signed  up  for  the  service. 

In  addition,  the  authority 
has  sold  its  kiosk  service  to 
smaller,  regional  airports  that 
can’t  afford  to  build  new  net¬ 
works,  Molloy  says.

HIPAA  Compliance
In  30  Days  or  Less 


With  the  deadline  looming,  our  security 
manager  gives  an  assist  to  the  fellow  in 
charge  of  meeting  the  mandates  of  the 
security  rule.  By  C.  J.  Kelly 


HIPAA.  We  are  all  sick  of
the  acronym  by  now, 
and  the  April  20  com¬ 
pliance  deadline  for 
the  Health  Insurance  Portabil¬ 
ity  and  Accountability  Act  is 
looming. 

At  the  state  agency  where  I 
work,  the  information  security 
officer  (ISO),  who  is  responsi¬ 
ble  for  HIPAA  security  rule 
compliance,  has  spent 
the  past  seven 
months  or  so  writing 
policies  and  proce¬ 
dures.  He  divided 
them  into  two  groups: 
“required”  (stuff  we 
have  to  do)  and  “ad¬ 
dressable”  (stuff  we’d  better 
be  thinking  about  doing). 

When  I  came  aboard,  only 
one  of  the  policies  had  been 
approved  by  the  agency  chiefs. 
Everything  is  done  by  consen¬ 
sus  here  —  if  one  chief  doesn’t 
like  a  single  sentence,  the  poli¬ 
cy  is  rejected,  edited  and  then 
resubmitted.  I  was  starting  to 
panic  about  the  approaching 
deadline.  If  we  can’t  get  the 
policies  approved,  we  certain¬ 
ly  can’t  implement  them. 

I  did  what  any  respectable 
security  professional  would 
do  under  the  circumstances. 
First,  I  asked  each  chief  to 
support  the  policy-approval 
process.  Next,  wanting  to  find 
a  template  that  would  be 
widely  accepted  but  not  want¬ 
ing  to  reinvent  the  wheel,  I 
went  to  the  Web  site  of  the 
National  Institute  of  Standards 
and  Technology  (NIST)  and 
downloaded  every  available 
document  related  to  security 
and  compliance  with  the 
HIPAA  security  rule. 

Special  Publication  800-66,
titled  “An  Introductory  Resource
Guide  for  Implementing
the  Health  Insurance
Portability  and  Accountability 
Act  (HIPAA)  Security  Rule,” 
was  just  what  our  ISO  needed: 
a  step-by-step  guide  to  com¬ 
pliance.  A  table  on  page  13  of 
this  handy  document  defines 
each  standard  of  the  rule, 
identifies  its  section  number 
and  outlines  implementation 
specifications,  not¬ 
ing  which  ones  are 
required  and  which 
are  addressable. 
Even  better,  pages  16 
through  54  describe 
various  “key  activi¬ 
ties”  and  provide 
sample  questions.  This  was 
the  perfect  project  outline  to 
give  to  a  HIPAA  newbie. 

I  went  one  step  further  and 
took  the  NIST  outline  and 
plunked  it  into  Microsoft  Proj¬ 
ect,  defined  major  milestones, 
allocated  resources  and  hung 
the  Gantt  chart  on  my  wall.  I 
also  printed  all  of  the  related 
NIST  documents  and  put 
them  in  a  big  binder. 

I  wanted  to  show  my  ISO 
how  to  formulate  a  project 
plan.  I  wanted  him  to  under¬ 
stand  what  he  was  going  to 
be  held  accountable  for  and 
how  short  the  time  frame  for
implementation  was.

When  I  showed  the  plan  to 
my  boss,  I  felt  the  need  to 
apologize  for  my  microman¬ 
agement.  “I  don’t  usually  go 
to  this  length  with  a  direct  re¬ 
port,  but  I  need  to  get  through 
to  this  guy  that  this  is  the 
quality  of  work  we  expect 
from  him.  He  needs  to  execute 
this  plan.  If  he  can’t,  then  he 
shouldn’t  be  the  ISO.”  My  boss 
agreed. 

In  the  Same  Boat 

I  discovered  that  many  state 
agencies  are  in  the  same  boat. 
HIPAA  requires  them  to  ap¬ 
point  ISOs.  But  most  agencies 
don’t  have  much  security  ex¬ 
pertise,  and  many  agency  ad¬ 
ministrators  view  the  ISO  role 
as  more  of  an  administrative 
function  than  a  technical  one. 
They’re  wrong.  The  HIPAA 
security  rule  is  completely  dif¬ 
ferent  in  implementation  from 
the  privacy  rule  in  that  it  re¬ 
quires  technical  resources. 

It’s  true  that  the  administra¬ 
tive  safeguards  form  the  bulk 
of  the  ruling,  but  even  with 
those,  you  need  a  technical 
understanding  of  how  things 
work. 

For  instance,  you  can’t  con¬ 
duct  a  risk  assessment  without 
understanding  the  vulnerabili¬ 
ties  of  a  networked  computing 
environment.  And  you  can’t 
develop  security  incident- 
response  procedures  without 
understanding  what  consti¬ 
tutes  a  true  security  breach 
and  how  to  detect  one. 

And  when  it  comes  to  con¬ 
tingency  planning  and  disaster 
recovery,  you  need  a  back¬ 
ground  in  things  such  as  con¬ 
ducting  an  impact  analysis  and 
testing  a  disaster  recovery 
plan. 

You  can’t  just  write  a  policy, 
put  it  in  a  binder,  label  it 
“HIPAA  Security  Rule  Com¬ 
pliance”  and  call  it  a  day.  And 
you  can’t  assume  that  the
physical  safeguards  are  admin¬
istrative  in  nature.  For  exam¬ 
ple,  in  the  area  of  device  and 
media  controls,  how  do  you 
keep  someone  from  carrying 
off  EPHI  (that’s  electronic 
protected  health  information) 
using  one  of  those  little  USB 
flash  devices?  Do  you  disable 
USB  ports  on  all  computer 
systems,  or  can  you  disable 
the  use  of  such  devices 
through  Active  Directory 
or  third-party  software? 

When  you  finally  get  to  the 
technical  safeguards,  you  have 
to  deal  with  things  like  audit 
controls.  Determining  what 
type  of  audit  controls  will  be 
deployed  and  what  types  of 
activities  will  be  tracked  can 
be  quite  a  project,  depending 
on  the  size  of  the  organization. 
Then  you  still  have  to  decide 
where  the  audit  trails  will  be 
stored,  who  can  have  access 
to  them  and  how  the  audit 
record  will  be  secured  from 
tampering. 
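
One way to address the last question, securing the audit record from tampering, shown as an added example that is not part of the original column: each record carries an HMAC that also covers the previous record's MAC, so an edit, a deletion or a truncated tail is detectable. The record fields, sample events and key are constructed, and the sketch assumes the key and the latest chain head are held somewhere the logging host's administrators cannot reach.

```python
"""Tamper-evident audit trail: each record's MAC also covers the previous MAC."""
import copy
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # fixed starting value for the chain


def _mac(key: bytes, prev_mac: bytes, entry: dict) -> bytes:
    """HMAC-SHA256 over the previous MAC plus a canonical form of the entry."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac + body, hashlib.sha256).digest()


def append(records: list, key: bytes, ts: str, user: str,
           action: str, resource: str) -> str:
    """Add one audit record and return the new chain head (hex MAC)."""
    entry = {"seq": len(records), "ts": ts, "user": user,
             "action": action, "resource": resource}
    prev = bytes.fromhex(records[-1]["mac"]) if records else GENESIS
    mac = _mac(key, prev, entry).hex()
    records.append({"entry": entry, "mac": mac})
    return mac


def verify(records: list, key: bytes, expected_head: str = None):
    """Return None if the trail is intact, else the index where it first fails."""
    prev = GENESIS
    for i, rec in enumerate(records):
        good = _mac(key, prev, rec["entry"])
        stored = str(rec["mac"]).encode()
        if rec["entry"].get("seq") != i or not hmac.compare_digest(
                good.hex().encode(), stored):
            return i
        prev = good
    if expected_head is not None and prev.hex() != expected_head:
        return len(records)  # records were cut from the end of the trail
    return None


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed; real keys stay off the log host
    events = [  # constructed sample events
        ("2005-04-11T08:02:11", "nurse_a", "read", "patient/1001"),
        ("2005-04-11T08:05:40", "clerk_b", "update", "patient/1001/billing"),
        ("2005-04-11T08:09:03", "admin_c", "export", "patient/1001"),
        ("2005-04-11T08:15:27", "nurse_a", "read", "patient/1002"),
    ]
    trail, head = [], None
    for event in events:
        head = append(trail, key, *event)

    edited = copy.deepcopy(trail)
    edited[1]["entry"]["user"] = "nurse_a"   # an entry rewritten after the fact
    deleted = copy.deepcopy(trail)
    del deleted[2]                            # the export event removed
    truncated = copy.deepcopy(trail)[:-1]     # the last record cut off

    return {
        "intact": verify(trail, key, head),
        "edited": verify(edited, key, head),
        "deleted": verify(deleted, key, head),
        "truncated_with_head": verify(truncated, key, head),
        "truncated_no_head": verify(truncated, key),
    }


if __name__ == "__main__":
    print(demo())
```

The last result shows why the chain head has to be stored apart from the trail: without it, a trail with records cut from the end still verifies.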

Fortunately,  my  agency  has 
several  well-qualified  techni¬ 
cal  people  who,  even  without 
any  direct  security  experience, 
have  done  a  fine  job  of  setting 
up  the  infrastructure  so  that 
the  changes  that  need  to  be 
made  will  be  relatively 
straightforward. 

And  it  helps  that  the  major 
systems  that  handle  most  of 
our  EPHI  transactions  were 
outsourced  two  years  ago  and 
are  now  in  the  process  of  be¬ 
coming  certified  as  HIPAA- 
compliant.  In  fact,  without 
that  card  on  the  table,  the 
game  would  be  lost. 

I’m  confident  that  our  ISO 
and  agency  will  hit  the  com¬ 
pliance  date  without  a  hitch. 
But  I  am  grateful  to  NIST  for 
providing  the  level  of  docu¬ 
mentation  that  it  has  and  very 
thankful  indeed  that  my 
agency  made  a  decision  to 
outsource  years  before  my 
arrival  date.

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real 
security  manager,  “C.J.  Kelly,”  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  her  at 
mscjkelly@yahoo.com,  or  join  the  discussion
in  our  forum:  QuickLink  a1590

To  find  a  complete  archive  of  our
Security  Manager’s  Journals,  go  online  to

Red  Hat  Patches
Critical  Hole

■  Red  Hat  Inc.  is  warning  en¬ 
terprise  Linux  users  to  update 
their  installations  of  XFree86 
to  fix  a  number  of  serious  se¬ 
curity  bugs,  some  of  which 
could  allow  attackers  to  take 
over  a  system.  Affected  oper¬ 
ating  systems  include  Enter¬ 
prise  Linux  AS  3,  Enterprise 
Linux  ES  3  and  Enterprise  Lin¬ 
ux  WS  3,  Red  Hat  said  in  an 
advisory.  XFree86  is  an  imple¬ 
mentation  of  the  X  Window 
System  that  provides  low- 
level  graphics  functionality  for 
graphical  user  interface  sys¬ 
tems  such  as  KDE  and  Gnome. 
The  most  serious  flaw  is  an 
integer  overflow  in  the  libXpm 
library,  used  by  some  applica¬ 
tions  in  opening  XPixMap  im¬ 
ages,  Red  Hat  said.  An  attack¬ 
er  could  use  a  malicious  XPix¬ 
Map  file  to  execute  code  on  a 
user’s  system. 


MCI  to  Offer  DoS, 
Worm  Blocking 

■  MCI  Inc.  is  expected  to 
launch  a  security  service  this 
month  that  the  company  says 
will  thwart  denial-of-service 
and  worm  attacks.  The  ser¬ 
vice,  called  WAN  Defense, 
detects  threatening  traffic  and 
stops  it  from  hitting  customer 
networks.  MCI  is  using  Arbor 
Networks  Inc.’s  PeakFlow  SP
network  behavior  anomaly- 
detection  products  to  deter¬ 
mine  whether  a  network  is 
being  attacked.  The  carrier 
is  also  using  Cisco  Systems 
Inc.’s  Mitigation  to  remove
bad  packets  from  the  flow. 


DHS  Funds  Audit 
Technology 

■  Network  Resonance  Inc.  an¬ 
nounced  that  it  has  received 
funding  from  the  U.S.  Depart¬ 
ment  of  Homeland  Security  to 
build  a  production  version  of 
its  Authoritative  SSL  Auditor. 
The  technology  enables  orga¬ 
nizations  to  produce  authori¬ 
tative  records  of  all  secure
communications  over  Secure 
Sockets  Layer  and  Transport 
Layer  Security. 


Solutions  for  the  adaptive  enterprise 


ITANIUM 


e9rity  servers,  powered  by 

speed  and  ease,  making  a  more 


IDC’s  HP  Addresses  Customer  Choice  by  Expanding  Its  Server  Portfolio  at  hp.com/info/integrity 
Paisley Launches Hosting Service

■ Paisley Consulting in Cokato, Minn., is offering hosted services for its Risk Navigator, AutoAudit, CAROmap and Focus business accountability software. Under the standard hosting model, customers can purchase perpetual software licenses and then pay Paisley to host the software on its servers. Pricing starts at $5,000 per month for a standard number of users and dedicated memory. The company also offers an ASP pricing model that’s set up on a per-user, per-month basis, with no separate licensing or maintenance fees required. The price per user varies based on quantity, with a minimum charge of $5,000 per month.


Cisco Upgrades Support Tools

■ Cisco Systems Inc. announced the Cisco SMB Support Assistant service to help small and midsize businesses with basic setup, diagnostics and troubleshooting for computer networking hardware. The service is available through Cisco channel partners; pricing wasn’t disclosed. Cisco also announced enhancements to Cisco Network Assistant, a free, PC-based network management application for small and midsize business networks. Version 2.0 offers expanded support for Cisco devices and drag-and-drop features, according to Cisco.


BeInSync Releases Remote Access App

■ BeInSync Ltd. has released BeInSync Pro 1.5, the latest version of its secure peer-to-peer synchronization software. The new version lets users share any folder without moving it from its original location and includes a wizard-based interface for making file synchronization and sharing faster and easier, according to the Tel Aviv-based vendor. BeInSync Pro 1.5 sells for $59.95 per year for use on up to three computers.
‘Platforms’ For the Future


TO  HEAR  IT  VENDORS  TALK,  everything  is 
either  a  “platform”  or  a  “solution.”  A  few 
extra-special  offerings  are  even  presented 
as  being  both  a  platform  and  a  solution.  I 
flinch  at  both  those  words  and  give  great 
grief  to  vendors  who  pitch  me  using  one  or  both  of  them. 


Almost  no  marketing  pitch 
containing  the  concept  of 
“solution”  is  remotely  hon¬ 
est.  Usually,  a  product  that 
might  credibly  be  part  of  the 
solution  to  a  problem  is 
falsely  presented  as  solving 
the  whole  thing.  And  those 
are  the  less-bad  usages  of  the 
word,  in  which  marketers  ac¬ 
tually  suggest  some  kind  of 
problem  that  the  so-called 
solution  might  solve. 

The  situation  with  platforms,  however, 
is  not  quite  as  dire.  While  traditional 
marketing  about  platforms  is  generally 
bogus,  the  concept  of  “platform”  is  still  a 
useful  one,  and  it’s  worth  examining  how 
the  term  is  changing  in  meaning. 

In  its  classic  meaning,  platform  is  most 
commonly  used  to  denote  a  set  of  oper¬ 
ating  software  —  such  as  an  operating 
system  or  database  management  system 
—  upon  which  a  large  portion  of  IT  in¬ 
vestment  rests.  In  Crossing  the  Chasm 
and  subsequent  books,  Geoffrey  Moore 
popularized  the  idea  that  to  achieve 
large-scale  IT  product  success,  a  vendor 
needed  to  establish  a  market-dominating 
platform.  The  route  to  fabulous  wealth 
went  something  like  this:  Introduce  the 
first,  best  entry  in  a  specific  platform 
product  category;  garner  the  most  appli¬ 
cations,  partner  support  and  market 
share;  enjoy  the  “tornado”  of  a  virtuous 
circle  as  everybody  supports  the  winner; 
and  ultimately  kick  back  as  a  “gorilla” 
and  enjoy  the  monopolylike  advantages 
of  dominant  market  position.  And  in¬ 
deed  that  pretty  much  is  the  story  of 


IBM,  Microsoft,  Oracle, 
Cisco  and  Intel,  not  to  men¬ 
tion  Sun,  Apple,  Novell  and 
myriad  other  second-tier 
successes  as  well. 

However,  the  heyday  of 
that  kind  of  platform  is  pret¬ 
ty  much  over.  Moore  himself 
helped  cause  the  decline;  by 
pointing  out  what  lay  be¬ 
neath  the  phenomenal  suc¬ 
cess  of  Microsoft  et  al.,  he 
inspired  the  IT  industry 
never  to  let  such  success  be  easily  re¬ 
peated.  And  thus  there  are  almost  no 
new  proprietary  platforms  these  days. 

Or  if  there  are,  their  vendors  aren’t  able 
to  exploit  them. 

Almost  everything  that  resembles  an 
important  new  platform  is  instead  open- 
standard  or  even  open-source.  Even 
when  a  single-vendor  standard  does 
sweep  the  industry,  such  as  Sun’s  Java  or 
Microsoft’s  Internet  Explorer,  it  is  so 
wrapped  in  openness  that  the  vendor 
doesn’t  actually  make  much  money  from 
its  accomplishment. 

Several  candidates  have  emerged  to 
replace  the  old  integrated  platforms. 
Open  standards  such  as  service-oriented 
architectures  have  filled  some  of  the 
gaps.  On  the  product  side,  vendors  stung 
by  price  competition  are  splitting  tradi¬ 
tional  platform  product  types  into  multi¬ 
ple  parts.  These  typically  include  a  com¬ 
modity-priced  base  configuration  plus  a 
variety  of  premium-priced  “server”  op¬ 
tions  or  add-ons.  Other  factors,  such  as 
the  increased  role  of  appliances,  support 
a  renewed  emphasis  on  servers  as  well. 
Indeed, the main point of platforms was something that now is a bit obsolete — support for application development. If you developed software on top of the platform’s APIs, you were assured of good support and a large, addressable market. Specialty servers, however, fit well with the trend that has systems administration costs rising in importance compared with those of programming. Proprietary APIs may now be taboo, but there’s nothing wrong with having a nice, uniquely easy-to-use administrative console that gives your server lower TCO than your competition’s.

The  true  future  substitute  for  platform 
technology,  however,  may  come  in  a 
slightly  different  area  than  those  men¬ 
tioned  so  far.  Perhaps  the  most  over¬ 
looked  aspect  of  IT  strategy  is  the  long 
list  of  different  kinds  of  information  IT 
is  called  upon  to  manage.  At  most  com¬ 
panies,  a  full  list  is  over  a  dozen  cate¬ 
gories  long,  and  each  category  needs  to 
be  managed  in  a  very  specific  way. 
Almost  every  enterprise  has  traditional 
OLTP  data,  a  data  warehouse,  a  set  of 
plans  and  forecasts,  e-mail,  identity/ 
presence  data,  a  network/IT  asset  data¬ 
base,  network/security  event  data, 
source  code,  published  marketing  con¬ 
tent  (at  least  on  a  Web  site),  generic  doc¬ 
uments  and  a  catchall  category  I’ll  call 
“analytic  event  capture”  that  subsumes 
Web  site  logs,  manufacturing  equipment 
data,  RFID  data  and  the  like.  Also  com¬ 
mon  but  less  universal  are  engineering 
designs,  call  center  logs  and  many  other 
information  types.  Every  single  one  of 
these  requires  a  different  information 
management  system.  Those  manage¬ 
ment  systems  —  and,  even  more,  the  real 
or  virtual  databases  they  manage  —  are 
the  true  IT  platforms  of  the  present  and 
future.  ©  53596 
Power of Analogy

Analogies can be a quick means to a big-picture strategy in the highly ambiguous world of IT. But if you’re careless, the big picture they provide may be the wrong picture, says Jan W. Rivkin, an associate professor at Harvard Business School. Page 44

Strategic Security

Tactical fixes don’t cut it anymore. A growing number of security managers say it’s time to approach information security as an operational risk-management issue. Page 48

Career Watch

Who gets hurt by an economic uptick? Also, employees who blog on their own time need guidance from their companies. And the hiring forecast from Robert Half. Page 49


“May you live in interesting times,” goes the old curse. That’s right, curse. Stable, comforting, even flat-out boring eras are the ones to live in, apparently. If that’s true, corporate IT is enjoying a Golden Age.

Clearly,  there  have  been  more  exciting 
times  in  IT.  Budgets  continue  to  be 
squeezed.  Security,  consolidation,  regulato¬ 
ry  compliance  and  other  important-but- 
unsexy  projects  dominate  the  landscape. 
The  “next  big  thing”  is  elusive. 

The  result:  Enthusiasm  is  hard  to  muster. 
“It’s  probably  tougher  [today]  to  clear  a  ma¬ 
jor  project  than  it’s  ever  been,”  says  Joseph 
Balcom,  director  of  enter¬ 
prise  solutions  at  Gtech 
Holdings  Corp.,  a  West 
Greenwich,  R.I.-based 
transaction-processing  company. 

“You’ve  got  to  have  a  crystal-clear  busi¬ 
ness  case  if  you’re  going  to  get  funded,”  says 
Balcom,  who  recently  managed  Gtech’s  up¬ 
grade  of  its  SAP  ERP  software. 

“When  you  go  through  a  period  like  this, 
with  [IT]  spending  down  and  conservative 
management  the  rule,  the  corporate  culture 
in  most  organizations  prevents  anyone  from 
introducing  brand-new  technologies  or  ap¬ 
plications,”  says  Jim  Shepherd,  an  analyst  at 
AMR  Research  Inc.  in  Boston. 

In  the  midst  of  this  grind,  it’s  a  challenge 
for  CIOs  to  keep  their  senior  management 
colleagues  and  business  partners  excited 
about  IT.  When  the  right  projects  come 
along,  can  CIOs  still  persuade  their  CEOs 
to  cut  the  big  checks? 

In  the  right  circumstances,  yes.  Technolo¬ 
gy  managers  who  have  undertaken  costly 
projects  in  this  conservative  environment 
insist  that  where  there’s  a  will,  there’s  still  a 
way.  Make  no  mistake,  there  are  no  more 
blank  checks  in  large-scale  IT.  But  even  in 
these  ho-hum  times,  it’s  possible  to  build 
Leading in a Lull

On the face of it, motivating employees may not appear to be an IT manager’s top challenge right now. That’s because the sluggishness of the industry has slowed job movement. “It may be tough to motivate people, but it’s not hard to retain them,” says AMR Research analyst Jim Shepherd.

But  motivating  IT  workers  today  can  be 
especially  difficult  because  so  many  of 
their  toys  have  been  taken  away.  Research 
consistently  shows  that  one  great  way  to 
reward  IT  professionals  -  especially  those 
who  shun  the  management  track  for  indi¬ 
vidual  contributor  roles  -  is  to  let  them 
work  with  the  hottest  technologies  on  the 
most  challenging  projects.  With  blue-collar 
projects  dominating  IT,  a  key  motivational 
tool  has  been  removed  from  the  box. 

But John Baldoni, principal of Baldoni Consulting LLC and author of several books, including Great Motivation Secrets of Great Leaders (McGraw-Hill, 2004), says it can still be done. “It's up to managers to create conditions for people to succeed,” Baldoni says, and that’s true no matter what the environment. He offers the following tips on managing during listless times:

■  Be  honest.  If  the  workplace  is  clear¬ 
ly  a  bit  ho-hum,  don’t  pretend  otherwise. 
You’ll  only  hurt  your  credibility.  Instead, 
appeal  to  your  staff’s  professionalism.  “Tell 
people,  ‘Right  now,  our  job  is  to  keep  the 
enterprise  running  through  IT.  Let’s  do  that 
job  as  well  as  we  can,’  ”  Baldoni  says. 

■  Empower  and  delegate.  If 
ground-breaking  projects  aren't  there  to 
offer  stimulation,  "grow  people  in  their 
jobs,"  Baldoni  says.  Offer  cross-functional 
training,  and  feed  management  responsi¬ 
bilities  to  those  who  want  them. 

■  Sacrifice  and  inspire.  While  dele¬ 
gating  is  key,  its  opposite  -  working  in  the 
trenches  once  in  a  while  -  boosts  morale. 
For  example,  if  job  cuts  leave  you  short- 
staffed,  you  might  work  a  few  shifts  on  the 
help  desk. 

- Steve Ulfelder


both  buzz  and  commitment. 

When  Auto  Warehousing  Co.  recent¬ 
ly  spent  $40  million  on  a  new  process¬ 
ing  facility,  CIO  Dale  N.  Frantz  faced 
an  uphill  battle  in  convincing  the  com¬ 
pany  to  install  a  new  wireless  network 
and  spend  an  extra  $500,000  or  so  (not 
including  in-house  developers’  time) 
to  upgrade  the  handheld  devices  used 
by  the  Tacoma,  Wash.-based  company. 

“Our CEO is not especially tech-savvy,” Frantz says. “The IT department was always seen as a drain of funds, and the [dumb] scanners had worked for 15 years.”

To  persuade  the  CEO,  Frantz 
doggedly  cost-justified  the  802.11b 
wireless  LAN  he  wanted  [QuickLink 
50970].  “By  nature,  he’s  skeptical  of 
both  spending  and  IT,  so  he  always 
wanted  more  estimates,”  Frantz  says  of 
his  boss.  After  a  “reluctant”  green  light 
for  the  project,  Auto  Warehousing’s 
LAN  paid  off  when  the  company  was 
able  to  reduce  the  number  of  employ¬ 
ees  tracking  vehicle  identification 
numbers  from  more  than  20  to  three. 
That  benefit  was  persuasive  enough 
even  for  the  CEO,  and  Frantz’s  team  is 
now  taking  another  of  the  company’s 
facilities  wireless. 

Death  by  Committee 

The  challenge  at  Auto  Warehousing 
was  personality-driven:  A  key  execu¬ 
tive  was  an  IT  skeptic.  But  according 
to  AMR’s  Shepherd,  today’s  ambitious 
IT  plans  are  more  likely  to  face  death 
by  committee,  because  many  compa¬ 
nies  have  created  demanding  technolo¬ 
gy  steering  groups  and  justification 
procedures. 

That’s  the  case  at  Regions  Financial 
Corp.  “We  have  a  technology  council 
chaired  by  our  CEO,”  says  John  Dick, 
CIO  at  the  financial  services  firm  in 
Birmingham,  Ala.  “Everything  needs  to 
go  through  a  rigorous  approval  that  re¬ 
quires  business  justification  and  a 
technical  architecture  review.” 

Dick’s  team  is  in  the  process  of  mod¬ 
ernizing  a  proprietary  risk  manage¬ 
ment  application.  In  squiring  the  proj¬ 
ect  through  the  justification  phase,  he 
says,  the  key  was  helping  business  ex¬ 
ecutives  grasp  the  competitive  advan¬ 
tage  to  be  gained.  “We  have  a  reputa¬ 
tion  for  superior  credit  management, 
so  in  discussing  that,  I  knew  we’d  hit 
the  sweet  spot,”  Dick  says. 

He  closed  the  sale  by  tying  the  pro¬ 
posed  expenditure  to  credit  manage¬ 
ment,  which  Regions  Financial  views 
as  its  secret  weapon.  “I  reminded  [the 
board],  ‘Our  company  succeeds 
through  a  superior  credit  culture;  we 
get  competitive  edge  out  of  how  we 


manage  credit,’  ”  Dick  says.  Thus,  in 
one  fell  swoop,  he  both  demonstrated 
that  the  project  was  tightly  linked  to 
business  goals  and  appealed  to  a  key 
point  of  pride.  The  project  was  funded, 
and  its  first  phase  is  complete. 

Clinical  Commitment 

St.  Luke’s  Health  System  Inc.  in  Kansas 
City,  Mo.,  encompasses  nine  hospitals. 
For  over  a  year,  St.  Luke’s  has  had  clini¬ 
cal  kiosk  systems  on  most  hospital 
floors.  Each  kiosk  included  a  stripped- 
down  PC  running  terminal-emulation 
software  from  Citrix  Systems  Inc.  On 
top  of  the  Citrix  software  sat  packaged 


“It’s probably tougher [today] to clear a major project than it’s ever been.”

JOSEPH BALCOM, director of enterprise solutions, Gtech Holdings Corp.


applications  to  help  nurses  and  physi¬ 
cians  do  their  jobs.  For  example,  nurs¬ 
es  could  search  for  patients’  prescrip¬ 
tion  histories,  and  doctors  could  view 
X-rays  remotely. 

When  the  kiosks  had  been  up  and 
running  for  several  months,  St.  Luke’s 
CIO  John  C.  Wade  and  his  team  began 
to  notice  that  nurses  and,  in  particular, 
physicians  weren’t  using  them  as  much 
as  they  had  initially.  Interviews  re¬ 
vealed  one  major  reason:  Users  faced  a 
time-consuming  double  sign-on  proc¬ 
ess;  they  had  to  log  into  Citrix  and 
then  log  into  the  health  care  applica¬ 
tions.  Busy  clinicians  quickly  became 
annoyed  by  the  queues. 

“The  double  sign-on  was  a  nice  IT 
solution,  but  it  wasn’t  meeting  users’ 
needs,”  Wade  says. 

St.  Luke’s  project  manager  Todd 
Hatton  led  an  effort  to  develop  an  ele¬ 
gant  fix:  Citrix  would  run  constantly  in 
the  background  so  the  doctors  and 
nurses  would  need  to  log  on  only  once. 

Even  better,  Hatton’s  group  devel¬ 
oped  split-screen  technology  so  that 
the  application  used  by  physicians  al¬ 
ways  occupied  half  the  screen,  while 
the  nurses’  application  occupied  the 
other.  Practically,  only  one  person  at  a 
time  uses  a  kiosk.  But  having  both  wel¬ 
come  screens  up  at  once  proved  invit¬ 


ing  to  the  health  care  workers. 

According  to  Wade,  programming 
costs  for  the  upgrade  ran  only  $120,000 
to  $135,000.  But  for  the  application  to 
work  properly,  St.  Luke’s  had  to  replace 
about  1,000  monitors,  most  of  which 
were  far  from  obsolete,  with  expensive 
flat-panel  displays. 

“That  cost  us,”  Wade  says,  declining 
to  name  a  dollar  figure.  “I  had  mem¬ 
bers  of  the  management  committee 
say,  ‘We’re  spending  enough  on  IT,  and 
by  the  way,  I’d  like  to  see  more  of  it 
spent  in  my  area.’  ”  And  that  commit¬ 
tee  controlled  the  purse  strings. 

Wade’s  response  to  the  objections 
was  to  count  on  the  committee’s  com¬ 
mitment  to  clinical  excellence.  He 
pointed  out  that  the  existing  kiosks 
were  going  unused  and  that  meant  pa¬ 
tients  weren’t  getting  the  best  possible 
care.  The  committee  was  persuaded, 
funding  for  the  project  was  approved, 
and  the  improved  system  has  been  in 
production  since  March,  with  use  and 
satisfaction  up  dramatically. 

Educational  Mission 

At  Creighton  University  in  Omaha,  the 
radiology  department  of  the  health/ 
sciences  wing  wanted  to  find  a  way  for 
doctors  affiliated  with  Creighton  to 
read  X-rays  at  home.  “We’re  trying  to 
teach  residents  to  read  X-rays,”  says 
Brian  A.  Young,  vice  president  of  IT. 
That  involves  obtaining  second  and 
third  opinions  from  established  physi¬ 
cians.  And  getting  those  opinions  is 
much  easier  if  the  doctors  can  assist 
the  residents  from  their  homes. 

To  do  that,  Creighton  needed  to  se¬ 
cure  sufficient  bandwidth  to  transmit 
the  large  files  and  to  extend  virtual  pri¬ 
vate  network  capabilities  to  physicians’ 
homes  to  keep  the  data  secure. 

In  selling  the  project  to  university 
officials,  Young,  like  Wade  at  St. 

Luke’s,  focused  on  the  altruistic  bene¬ 
fits  of  the  program.  “You  have  to  en¬ 
gage  the  heart  and  mind,”  he  says. 
Young  stressed  Creighton’s  education¬ 
al  mission  and  the  fact  that  the  univer¬ 
sity  was  in  a  position  to  offer  better  re¬ 
mote  health  care  to  needy  people  in 
rural  parts  of  Nebraska. 

Whether  your  organization’s  goal  is 
increased  profits,  a  competitive  edge, 
improved  health  care  or  better  educa¬ 
tion,  demonstrating  how  your  IT  proj¬ 
ect  will  help  reach  that  goal  is  the  key 
to  revving  up  interest  among  your 
business  colleagues  and  loosening  up 
the  purse  strings.  ©  53300 


Ulfelder is a Computerworld contributing writer. Contact him at sulfelder@charter.net.
Analogies are to strategy as blueprints are to buildings. Just be sure you’ve got the right blueprint.


Low-end  chips  are  to 
Intel  Corp.’s  future  as 
concrete  reinforcing  bars 
were  to  U.S.  Steel’s.  Un¬ 
less  you  know  the  history 
of  the  steel  industry,  that 
analogy  will  leave  you 
cold.  But  it  compelled 
former  Intel  CEO  Andy 
Grove  to  change  his 
product  strategy. 

In  this  month’s  Harvard  Business 
Review,  Jan  W.  Rivkin  and  Giovanni 
Gavetti  explain  how  managers  often  use 
analogical  reasoning  to  make  strategic 
decisions.  Rivkin,  an  associate  professor 
in  the  strategy  unit  of  Harvard  Business 
School,  told  Computerworld’s  Kathleen 
Melymuka  that  to  harness  the  power  of 
analogy,  managers  must  also  under¬ 
stand  the  pitfalls. 

So,  analogies  are  powerful,  but  they  can  lead 
you  astray?  An  IT  example  got  me  onto 
my  soapbox  on  this.  Everyone  knows 
the  Dell  story.  Compaq,  IBM,  HP  and 
Gateway  have  all  tried  to  match  what 
Dell  has  done,  but  no  one  has  been 
able  to.  Once,  after  I’d  taught  the  Dell 
case,  a  student  came  into  my  office  and 
said,  “I’ve  thought  over  the  Dell  story, 
and  I’ve  decided  I  want  to  become  the 
Michael  Dell  of  the  pizza  delivery  busi¬ 
ness.”  I  said,  “That  sounds  exciting,  but 
if  you  mean  you  want  to  make  pizza  to 
order,  we  kind  of  already  have  that.” 

What  are  the  core  elements  of  analogical 
reasoning?  You  start  with  a  target  prob¬ 
lem.  This  is  the  setting  for  which  you 
want  to  create  a  strategy.  Through 
some  process  of  similarity  mapping, 
you  identify  a  source  environment  that 
is  similar  in  its  essentials.  From  that 
source  environment,  you  grab  a  candi¬ 
date  solution  —  the  thing  that  worked 
well  in  the  source  environment.  You 
translate  that  solution  to  the  target 


environment. For example, Thomas Stemberg, who founded Staples, was exploring a possible new business that he thought could be the Toys R Us of office supply. In that case, office supply is the target, the toy business is the source, and Toys R Us is the candidate solution.

What  does  analogical  reasoning  do  for  me? 

There’s  enormous  efficiency  in  think¬ 
ing  that  way.  You  get  a  whole  bundle 
of  solutions:  what  it  should  look  like, 
shopping  carts,  checkout  counters, 
style  of  retailing,  logistics.  The  ques¬ 
tion  remains  whether  office  supply 
really  does  resemble  the  toy  business. 

Why  is  analogical  reasoning  so  useful  in 
a  field  like  IT?  Analogies  are  most  pow¬ 
erful  in  settings  where  there’s  not 
enough  clarity  to  use  deductive  rea¬ 
soning  nor  so  much  ambiguity  that 
you  have  to  go  for  trial  and  error.  Many 
pockets  of  IT  have  this  middle  ground 
that’s  familiar  enough  to  make  links 
to  more  familiar  settings  but  not  clear 
enough  to  identify  cause  and  effect.  In 
that  middle  ground,  analogies  may  be 
the  only  options  we’ve  got. 

Give  me  an  example.  Intel  for  many  years 
resisted  entering  the  low  end  of  the 
market.  Then  [Harvard  Business 
School  professor]  Clayton  Christensen 
introduced  them  to  an  example  in  the 
steel  industry.  U.S.  Steel  had  let  mini- 
mills  take  over  the  low  end  with  cheap 
concrete  reinforcing  bars  called  rebars. 
He  pointed  out  that  this  was  the  begin¬ 
ning  of  the  troubles  for  the  U.S.  steel 
business.  Once  the  minimills  got  a 
beachhead  at  the  low  end,  they  moved 
up.  At  Intel,  this  really  struck  a  chord. 
Andy  Grove  feared  if  they  ceded  the 
low  end  of  the  market,  the  high  end 
might  follow.  He  even  began  to  refer  to 
low-end  PCs  as  “digital  rebar,”  and 
soon  thereafter  Intel  introduced  the 


Celeron  processor  to  fight  it  out  on  the 
low  end  and  prevent  other  companies 
from  getting  a  beachhead. 

In  this  case,  the  analogy  wasn’t 
about  learning  from  someone’s  success 
but  trying  to  prevent  a  repeat  of  some¬ 
one’s  failure.  It  was  about  what  they 
thought  U.S.  Steel  should  have  done. 

Tell  me  about  some  of  the  drawbacks  to 
analogical  thinking.  The  core  pitfall  is 
choosing  a  source  based  on  superficial 
similarities  to  the  target.  When  Ford 
was  looking  at  redesigning  its  supply 
chain,  it  turned  for  guidance  to  Dell’s 
key  principle  of  virtual  integration. 
There  is  good  reason  to  look  at  Dell. 
Some  aspects  of  what  it  does  look  like 
what  Ford  does.  They  both  take  fairly 
standardized  components  and  assem¬ 
ble  them  into  a  vast  variety  of  models. 

But  other  things  are  quite  different. 

A  large  portion  of  Dell’s  cost  advantage 
comes  from  the  fact  that  virtual  inte¬ 
gration  enables  it  to  buy  inputs  late.  A 
PC  that  arrives  from  Dell  has  a  micro¬ 
processor  bought  later  than  the  micro¬ 
processor  bought  for  another  supplier. 
In  a  setting  where  the  price  of  micro¬ 
processors  declines  dramatically  over  a 
short  period,  that  difference  translates 
into  a  large  cost  advantage  for  Dell.  But 
prices in the auto process are not coming down so rapidly, so the power of virtual integration and less inventory is not nearly as great. The good news is that Ford didn’t fall into that trap.

Another  potential  problem  is  the  anchoring 
effect.  Can  you  explain?  People  get  at¬ 
tached  intellectually  and  emotionally 
to  their  analogies,  and  it’s  very  hard 
to shake. If you look at Sun, Scott McNealy often uses analogies drawn from
the  auto  business.  He  argues  that  buy¬ 
ers  should  be  interested  in  the  whole 
package,  not  the  components,  because 
when  they  buy  a  car,  they  care  about 
the  whole  car,  not  where  the  carbure¬ 
tor  comes  from.  But  you  have  to  ques¬ 
tion  how  dispassionately  he  can  assess 
that  analogy.  His  father  worked  for 
years  in  the  auto  business,  and  his  sons 
are  named  for  auto  models:  Maverick, 
Scout,  Colt  and  Dakota. 

Tell  me  about  confirmation  bias.  It  appears 
that  human  beings  tend  strongly  to 
seek  out  data  that  confirms  their  be¬ 
liefs  and  invest  too  little  in  seeking  out 
disconfirming  data.  We  like  to  be  right. 
If  analogies  come  into  our  heads,  we 
can  always  find  elements  of  reality  to 
confirm  our  belief  in  them. 

With all these pitfalls, how can I make sure I’m using analogies properly? You probably can’t make analogies 100% safe, because you’re using them in a setting where there’s ambiguity and you can’t really figure out cause and effect. In the most exciting parts of the IT sector, this is often exactly the situation.
Careful  reflection  can  allow  you  to 
do  better,  but  it  requires  that  you  first 
recognize  what  your  analogies  are. 
Often,  they’re  really  hidden.  Does 
McNealy  realize  he’s  using  car  analo¬ 
gies  all  the  time?  Probably  not. 

OK. I recognize my analogy. Now what? You
test  the  analogy.  First,  you  have  to  un¬ 
derstand  the  source  environment  and 
why  the  candidate  solution  worked 
there.  Then  ask  yourself:  How  similar 
is  this  setting  really,  and  how  different 
is  it?  It  means  doing  two  things  that 
don’t  come  naturally:  actively  search¬ 
ing  for  differences,  and  asking  if  the 
similarities  you  do  see  are  superficial. 
The  final  step  is  to  translate  the  candi¬ 
date  solution  into  the  target  environ¬ 
ment  and  see  if  it  works  well  enough. 
And  when  you  deploy  it,  be  ready  to 
adapt.  C  53285 


This  is  the  latest  in  a  series  of  monthly  discus¬ 
sions  with  Harvard  Business  Review  authors 
on  topics  of  interest  to  IT  managers. 
Treat information security as an operational risk management issue, not as a tactical function. By Jaikumar Vijayan

Christofer Hoff is on a mission. As the director of information security at Western Corporate Federal Credit Union (WesCorp), Hoff has launched an initiative to quantify the benefits of information security spending for business executives at the San Dimas, Calif.-based company.

The constantly evolving technology and threat environment and
the difficulty of attaching a specific monetary value to
information assets make it hard to come up with traditional
return-on-investment numbers, Hoff says. So the focus instead
is on gathering corporate metrics that show how the company
can reduce risk exposure and avoid costs — such as those
related to virus attacks — by implementing the appropriate
security measures.

As part of this effort, Hoff’s team is implementing a process
methodology called OCTAVE from Carnegie Mellon University’s
Software Engineering Institute. OCTAVE helps companies
identify infrastructure vulnerabilities, prioritize
information assets and create asset-specific threat profiles
and mitigation plans (see chart).

It’s all about showing “reduction of risk on investment,”
Hoff says. “I’m not interested in showing that I’ve improved
the bottom line. What I can show is how we have managed risk
on behalf of the company and reduced our risk exposure.”

Hoff  is  among  a  growing  number  of 
security  managers  who  say  it’s  time  to 
approach  information  security  as  an 
operational  risk  management  issue 
rather  than  as  a  function  that’s  solely 
focused  on  implementing  tactical  fixes 
for  every  new  threat  that  surfaces. 

The need to comply with regulations such as the
Sarbanes-Oxley Act, the Health Insurance Portability and
Accountability Act and California’s SB 1386 is one of the
primary factors pushing companies to take a more
business-oriented look at their information security
measures.

Lending urgency to the situation is a wave of legislation
that lawmakers are considering in response to a series of
well-publicized data compromises at Bank of America Corp.,
ChoicePoint Inc. and LexisNexis Group [QuickLink 53256].

A  New  View 

Evolving threats and a greater exposure to risk are also
pushing the need for a more strategic view of security. The
growing use of wireless and handheld technologies and the
tendency to connect internal networks with those of
suppliers, partners and customers have dramatically increased
security risks and the potential consequences of a breach.

“All of a sudden, there are a lot of new stakeholders in
information security,” including regulators, shareholders,
customers, employees and business partners, says Carolee
Birchall, vice president and senior risk officer at BMO Bank
of Montreal in Toronto. “All of these groups have different
expectations of IT, and they all come to a head around
information security,” she says.

The  trend  calls  for  a  fundamental 
rethinking  of  security  objectives,  say 
security  managers  such  as  Hoff. 

The goal isn’t to completely eliminate all risk, because that
is unrealistic, says Kirk Herath, chief privacy officer at
Nationwide Mutual Insurance Co. in Columbus, Ohio. Rather,
it’s to understand the broad nature and scope of the threats
to your specific situation.

You should base mitigation measures on the probability of
loss or disruption from those risks. The focus is not on
point technologies but on higher-level issues such as system
availability, recovery and incident response, says Herath.

It’s a risk-mitigation approach that starts with a detailed
understanding of the information assets that you want to
protect and what exactly you want to protect them against,
says Vinnie Cottone, vice president of infrastructure
services at Eaton Vance Distributors Inc., a financial
services firm in Boston.

The company is currently implementing security changes aimed
at addressing five specific issues that were identified
during a corporatewide IT and business risk-assessment
exercise.

The  issues  include  a  need  for  stronger 
user  authentication  and  measures  for 
securing  and  enforcing  policies  on  all 
endpoint  devices  —  such  as  laptops 
and  wireless  systems  —  attempting  to 
log  into  the  Eaton  Vance  network. 

“We took a look at every possible [information security]
threat to Eaton Vance, and from there we came out with a lot
of ‘what if’ scenarios and then determined what we should do”
to deal with them, Cottone says.

But most security managers acknowledge that the daily tasks
of dealing with unreliable software code and chasing the
latest viruses, worms and spyware leave little time or
resources to focus on such big-picture strategies.

Changing business requirements and the growing complexity of
threats can also keep security managers tied to tactical
issues, even if they don’t want to be. Adding to the
challenge is a troubling disconnect between security
organizations and business units, security managers say.

Lloyd Hession, chief information security officer at Radianz
Inc., a New York-based provider of communications services to
the financial services industry, says a common view of
executives is, “We have spent all this money on antivirus
tools, Web filters and firewalls, and why hasn’t that stopped
this problem?”

Security managers say they’re too often seen as purveyors of
fear, uncertainty and doubt who have little understanding of
business requirements.

To change that image, they need to help business managers
understand the trade-offs that have to be made to accommodate
a new security measure. And that means no geekspeak, says
Cottone. “You really can’t talk technical or any kind of
jargon” when communicating security strategy to the business
side, he says.

The  key  message,  says  Hession,  is 
that  information  security  is  a  business 
problem  that  is  “not  addressed  simply 
by  the  firewalls  and  antivirus  [tools] 
that  are  already  in  place.”  ©  53385 


The  OCTAVE  Approach 


The  OCTAVE  (Operationally  Critical  Threat,  Asset  and 
Vulnerability  Evaluation)  methodology  was  developed  by 
Carnegie  Mellon  University’s  Software  Engineering  Institute 
to  identify  infrastructure  vulnerabilities,  prioritize  information 
assets  and  create  asset-specific  threat  profiles  and  mitigation  plans.  OCTAVE  rests  on  1 


0 


Risk Evaluation

■ Self-direction by people in the organization who take
responsibility.
■ Adaptable measures that can change with technology.
■ A defined process and standard evaluation procedures.
■ A foundation for a continual process that improves security
over time.


Risk Management

■ A forward-looking view that explores changing relationships
among assets, threats and vulnerabilities.
■ A focus on a “critical few” security issues.
■ Integrated management of security policies and strategies
with those of the organization.


of risk information and activities built
context of the organization’s mission and business objectives.

■ Teamwork for an interdisciplinary approach.
Arnold Testa


TITLE: CIO

ORGANIZATION: Electric Power Research Institute Inc.,
Palo Alto, Calif.

EPRI was established in 1973 as an independent center for
electricity and environmental research.

A return to economic form won’t be good news for all
employers in Silicon Valley. A nonprofit, EPRI has benefited
from the flood of top contracting talent that became
affordable after the dot-com bust. Computerworld’s Thomas
Hoffman talked to CIO Arnold Testa about what’s likely to
happen next.


Are you facing any particular IT skills challenges at EPRI?
Not really, because we’ve been able to augment our staff with
independent contractors, and here in the Silicon Valley,
there’s a wealth of technical talent, much of which has been
underutilized for the past two or three years. When the
upturn hits in the economy here, that’s going to be a
problem.

Why? Those contracting firms will be snapped up by top-tier
companies, and we’ll be left with second-tier performers.

Have you seen any significant changes in contractor rates
over the past six months? It’s a little bit higher. After the
dot-com bust, contractor rates dropped about 50%, and now
they’ve crept back to about half of what was lost. We can
still find people at lower rates; you just have to hunt for
them a little more.

How  many  contractors  do  you  use  at  a 
given  time?  Not  a  lot,  from  an  applications 
development  standpoint.  About  five  there, 
and  about  five  more  in  our  operations  area. 

We  have  a  total  of  about  50  people  on  our 
IT  staff. 
Be Careful What You Blog


Thinking about blogging about your workplace? Hold that
thought.

Workforce Management reported in its March issue that
bloggers who post items about their lives on the job
sometimes find themselves out of a job. In many ways, it’s
just too early to know what is and isn’t acceptable blog
material as far as employers are concerned.

For example, the magazine tells the story of a Delta Air
Lines flight attendant who was grounded after posting
“inappropriate” pictures - of herself and other Delta
employees in uniform - on her blog. When she found
inconsistency instead of evidence of any corporate policy
about this matter, she filed a sex discrimination complaint.
Then, a little more than a month after being told that her
blog had caused a problem, she was fired.

Others have similar stories about the haziness of what’s OK
to put up on the Web. Mark Jen was a newly hired Google
employee when he learned that some of his postings had to be
removed. His site was down for a while, and when


CAMPUS  COMPENSATION 


MEDIAN  SALARIES  OF  IT  POSITIONS  AT  COLLEGES 
Chief  information  systems  officer 
Director,  administrative  computing 
Associate  director,  information  systems 
Director, telecommunications/networking
Associate  director,  administrative  computing 
Database  administrator 
Systems  analyst  (highest  level) 

BASE:  1,387  public  and  private  colleges  and  universities 

SOURCE: 2004-05 ADMINISTRATIVE COMPENSATION SURVEY, COLLEGE AND UNIVERSITY PROFESSIONAL
ASSOCIATION FOR HUMAN RESOURCES (WWW.CUPAHR.ORG), KNOXVILLE, TENN., MARCH 2005


Employment  Forecast  Holds  Steady 


CIOs REMAIN OPTIMISTIC about IT hiring in the second quarter, according to the Robert
Half Technology IT Hiring Index and Skills Report. Of the more than 1,400 CIOs polled at
companies with 100 or more employees, 12% said they plan to add full-time IT staffers in the
next three months, and 3% anticipate decreasing employment levels, for a net 9% increase. That
matches earlier forecasts.

AMONG  THE  KEY  FINDINGS  IN  THE  LATEST  REPORT: 

■  For  the  sixth  consecutive  quarter,  business  growth  was  cited  as  the  leading 
motivation  for  adding  IT  staffers. 

■  Networking  is  the  hottest  specialty. 

■  Administration  skills  for  Microsoft  Windows  NT,  2000  and  XP  are  in 
strongest  demand. 

■  Technology  executives  in  the  business  services  sector  project  the  strongest 
hiring  activity  in  the  second  quarter. 
it reappeared without the offending material, Jen apologized
for having “put some stuff up on my blog that’s not supposed
to be there,” writing, “Just so you know, Google was pretty
cool about all this.” But a short while later, he learned
otherwise, and he too was dismissed.

Workforce Management quotes Michael Rudnick, national
intranet and portal practice leader at consulting firm Watson
Wyatt Worldwide: “The popularity of blogging is growing
rapidly, but most companies and employees are grappling with
what’s acceptable and what isn’t.”

Eventually, companies are going to have to provide clear
guidance on work-related blogging. And perhaps that guidance
will be more liberal than the cases cited in the Workforce
Management article suggest. Also quoted in the article,
Eugene Volokh, a professor of law at UCLA, says, “Employers
must recognize that unless they accommodate blogging, they
risk losing good people.”

O  53382 
Without global IT operations, my company would:
[Chart. Legible labels: “What global operations?” 30%; “Be unable to meet its goals”; “Remain”. Other labels and values are not legible.]
BASE: 250 RESPONDENTS


The main obstacles to our globalization strategy are:
Technological: 9%
What globalization strategy?: 30%
Cultural: 32%
Political: 29%
BASE: 224 RESPONDENTS


What effect is IT globalization having on your company’s
infrastructure relative to viruses, spyware and adware?
[Chart. Legible labels: “Still there, but recent investments in solutions are helping”; “We are good: no issues”; “Continues to be a constant issue”; “What is spyware/adware?”. Legible values: 46%, 37%, 15%.]
BASE: 196 RESPONDENTS


Today, what percentage of your IT development and
maintenance budget goes offshore?
[Chart. Only “Greater than 25%” is legible.]
BASE: 197 RESPONDENTS

SOURCE: LIVE SURVEY OF PARTICIPANTS AT COMPUTERWORLD’S
PREMIER 100 IT CONFERENCE, MARCH 2005
Strategic Cost Accounting


Information technology costs form the basis for many
strategic decisions. Most large companies have a reasonable
understanding of their overall IT costs; they track the cost
of people, hardware, software and other items in the annual
budgeting wars. But you need good cost accounting to be able
to slice and dice your IT costs the way decisions are
actually made: by service and activity.


Accurate cost accounting is crucial to making good business
trade-offs. It clarifies whether a function is managed
efficiently and helps you make the right choice when facing
multiple investment alternatives.

Specifically, cost accounting can help you in these seven
areas:

1. Evaluating outsourcing. Few organizations want to
outsource if it will result in higher costs. But unless you
have an accurate understanding of your current costs, your
outsourcing efforts may result in a nasty surprise.
Cost-accounting data provides the foundation for determining
the price at which it’s advantageous to outsource a
particular function.

2. Spending wisely. One CIO found his desktop budget
increasing dramatically, even though workstation requests
were equal to the prior year’s. Cost accounting revealed the
cause: The total cost of ownership (TCO) of a notebook was
30% higher than that of a desktop — including acquisition,
configuration, installation and support. Virtually every new
workstation request had been for a notebook (which was
perceived as a status symbol). Based on this analysis, all
future requests were filled by desktop PCs unless notebooks
were justified.

3. Weighing trade-offs. Every organization faces trade-offs
as it allocates finite funds. Such trade-offs include:


■ Cost cutting. Everyone is trying to cut costs. But how can
you decide to eliminate something for financial reasons if
you don’t know exactly how much it costs? If division
presidents want to lower their IT costs, they need accurate
TCO values for each IT service or application used. These
costs need to be described in a useful and understandable way
(e.g., cost per invoice, not cost per gigabyte) so that each
division can make conscious trade-offs regarding which IT
services to limit, cut or continue.

■ New development. Every IT organization has a long list of
projects it would like to undertake but can’t fund. Cost
accounting provides accurate data about the aggregate costs
of IT resources (such as database administrators, servers,
architects and licenses) that must be included for accurate
planning. This allows proposed projects to be more accurately
evaluated and prioritized.

4. Improving forecasting. Multiyear forecasts of IT costs can
be built in two steps. First, categorize your spending into
major activities such as development, enhancement,
maintenance and production. Then compare various combinations
of these activities to industry norms, such as the ratio of
development cost to production, or the sum of maintenance and
enhancement divided by production. These ratios will improve
your ability to forecast your IT budget more accurately over
multiple years. (See “Development Drop-Down Budgeting,”
QuickLink 49668.)

CIO at Tricon Global Restaurants Inc. and Dole Food Co.
Contact him at BartPerkins@LeveragePartners.com.

5. Assessing the financial impact of project cancellations.
The impact of stopping a project or activity is often
dismissed by saying something like, “These costs will just go
away.” If a project is eliminated, however, not all of the
costs will actually disappear. For example, canceling an
outsourced project will eliminate payments to the outsourcer.
But the cost of shared resources (such as test servers,
development tools, telecommunications, architects and
database administrators) can’t usually be eliminated.

6. Evaluating IT efficiency. Today’s IT organization has to
be efficient. Calculate unit costs (e.g., the cost of a help
desk call or the per-month cost of a laptop) and compare them
to industry norms. Efficient unit costs help you justify IT
resources. If your costs are more than the norm, follow the
money to locate the inefficiencies and fix the problems.

7. Enabling chargeback. Some organizations use chargeback as
a way to limit consumption of IT resources, charging
departments for the IT products and services they consume.
Chargeback isn’t appropriate for every company. But if you
plan to institute a chargeback system, you need a detailed
and accurate accounting of the cost of each IT product or
service. Without good cost accounting, a chargeback system
will allocate charges unfairly, creating dissatisfaction and
political grumbling.

Cost-accounting data provides the critical foundation for
important strategic decisions. These decisions are too
crucial to base on educated guesses. Your information needs
to be good enough to bet the company, because you’re often
doing just that. Cost accounting leverages your financial
data to make informed and effective business decisions. Get
enough data to be sure. © 53288
CNN has dubbed him a modern-day James Bond.

Winkler has heisted nuclear reactor designs,
taken over banks, and stolen billions of dollars—
all to help organizations seal security breaches.

Now, this former National Security Agency
undercover analyst helps you adapt the security
measures of intelligence agencies in order to defend
your systems against such threats as script
kiddies, foreign intelligence operatives,
cyberterrorists, and worst of all, your trusted insiders.

If Spies Among Us reads like an espionage
expose, that's only because it is.

Praise for Spies Among Us

"Ira Winkler stands out because he's the real
deal: a guy with a resume of companies
he's broken into and identities he's stolen in
his job as a security and intelligence expert.
He reveals the top threats to our personal
and national security, with lots of
straightforward advice on how to protect yourself.
If you've got a social security number,
you need to read this book whether
you're a CEO or a grandmother."

— Soledad  O'Brien,  CNN 
Reach Respected IT Leaders in

COMPUTERWORLD 
Marketplace  Advertising 

The  Computerworld  Marketplace  advertising 
reaches  more  than  1.8  million  IT  decision  makers  e 
week.  Marketplace  advertising  helps  Computerwo 
readers  compare  prices,  search  for  the  best 
locate  new  suppliers  and  find  new  products  and 
for  their  IT  needs. 
Virtualizing NAS? Expand Your Pool.


NAS With RainStorage

Not all virtualization solutions are equal.

Most include limitations and introduce a single mount point,
performance bottleneck, data integrity risk or are limited to a
small storage pool.

With RainStorage, you get NAS virtualization without
limitations. RainStorage deploys easily with no management
headaches, no risks, and includes specific applications that
identify and resolve issues. The result? You will
dramatically simplify storage management, increase capacity
utilization, improve performance, better leverage storage
tiers, and lower TCO.

But don't take our word for it. The Taneja Group has defined
the criteria for evaluating virtualization solutions. Receive a
FREE copy of "Evaluating Network File Management
Solutions" today at www.rainfinity.com/Taneja.

Optimizing Storage with
Network File Virtualization
www.rainfinity.com
Contact Infinity I/O, the industry leader in Storage
Networking  training,  at  1-800-990-0955  or  visit  our  web 
site  at  www.infinityio.com 


Find  the  franchise  opportunity  that’s 
right  for  you. 
Commvault software lets you deploy individual products or seamlessly
integrate new ones at a fraction of the time, effort and money required
by separate point solutions.


Learn more at commvault.com or call us at 732.870.4000.

Unified Data Management

Backups. Snapshots. SRM. Compliance. D/R...

Are your point products less
friendly than they look?
IT Careers: Regulations Lead to New Opportunities


When  regulatory  compliance  and  technology  intersect, 
the  result  can  be  new  IT  challenges.  Such  is  the  case 
with  the  implementation  of  new  SEC  regulations  tied  to 
Sarbanes-Oxley  -  the  birth  of  new  analytic  applications. 

More  important,  businesses  implementing  Sarbanes-Oxley 
have  added  a  new  capability  to  their  business  tool  kit.  The 
new  analytical  applications  are  providing  near-real-time 
analysis  of  how  the  business  is  performing,  seeping  into 
operational  areas  throughout  the  enterprise.  IDC,  a  division 
of  this  magazine's  publisher  IDG,  reports  that  the  new 
applications  provide  greater  internal  visibility,  decision 
support  and  processes/controls. 


According  to  Katherine  Spencer  Lee,  executive  director  of 
Robert  Half  Technology,  business  growth  and  new 
regulatory  measures  mean  more  IT  jobs  at  a  higher  level  of 
complexity.  Spencer  Lee's  January  report  on  2005  salary 
trends  says  the  most  in-demand  IT  professionals  will  be 
those  who  can  develop  applications  and  technologies  that 
collect,  store,  analyze  and  provide  access  to  data.  Key 
technical  skills  required  in  these  areas  include  a  strong 
foundation in database management - Oracle8i/9i/10g,
Microsoft  SQL  Server,  IBM  DB2  and  database 
administration  certificates.  She  forecasts  increased  hiring 
in  application  development  for  business  systems  analysts 


and  application  architects  with  well-developed  object- 
oriented  language,  JAVA,  XML  and  .Net  skills. 

Spencer  Lee  says  the  impact  of  new  regulations  is  holistic, 
seeping  down  into  every  aspect  of  technology  operations. 
"The  issue  is  how  a  business  uses  the  new  requirements  to 
improve,  to  be  more  productive,  to  be  more  timely  and 
accurate.  It  is  causing  businesses  to  look  at  IT  in  a  new  way 
-  to  generate  growth. 

"Firms  are  hiring  again,  but  only  after  clearly  defining  their 
requirements  and  making  sure  there  is  a  sustainable  need," 
she  adds. 

The  skill-based  careers  are  accompanied  by  an  uptick  in 
project  management  hiring,  according  to  Spencer  Lee.  The 
complexity  of  the  job  continues  to  grow,  as  demand  is 
higher  for  people  who  can  work  and  communicate  well 
with  non-technical  team  members  and  who  can  identify 
ways  to  get  the  most  out  of  multiple  technologies  and 
functions. 

"I  tell  IT  professionals  that  they  need  to  assure  that  there 
is  evidence  of  them  being  a  proactive  skill  builder,"  Spencer 
Lee  says.  "IT  professionals  must  be  fluid  because  the  job 
requirements  differ  so  vastly  day-to-day.  And  it's 
increasingly  important  how  you  communicate  technology 
since  you'll  be  working  with  (non-technologists)  to  execute 
everything." 


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 

Produced  by  Carole  R.  Hedden 


Subhashini Software Solutions, Inc.: We are looking for the
following position in any of the skills.
Technical Services Managers/Data Processing Manager: Direct
daily operations of department, analyze workflow, establish
priorities. Develop computer information resources, provide
data security and control, strategic computing, and disaster
recovery. Knowledge in ERP packages using SAP, EDI, Workflow,
Business Connector, .NET, Business Objects, PeopleSoft,
PeopleTools programs using ASP, DB2, SQL/Oracle, UNIX/NT.
Req. M.S. in Comp. Science or Engg. & 1 yr of exp, or B.S. in
Comp. Science or Engg. +5 yrs of exp.

Systems Analysts: Research, design, develop, test, &
recommend software requirements for E-commerce database
applications. Use Oracle, Java, Perl, XML, Solaris, Web
logic, C++ & current Web Technologies in Windows, Unix, and
Linux environments. Need B.S. in Comp. Science or Engg. or
related and 2 yrs of exp.

Programmer Analysts: Design & develop Enterprise Resource
Planning, Customer Relationship Management, ASP,
Datawarehouse applications. Use current web technologies, web
services, Stored procedures and SQL. Work in Unix Environment
and Unix Shell Scripting. Need 2 yrs of exp.

Send  resume  to:  HR  Manager. 
Subhashini  Software  Solutions, 
Inc,  2215  W.  Russell  Ave.  Sioux 
Falls,  SD  57104  or  via  e-mail  at: 
recruit.er@subhashinisoftware.net 


Sr. Test Engineer-Austin, TX. Responsible for planning and
leading functional test team through all stages of product
testing including execution, failure analysis, test matrix
and exit reporting; assist in overall project planning
process including authorizing test plans and test schedules,
identifying resource requirements, risks, and mitigation
factors. Develop and improve test strategies and test
environments involving Fibre Channel, SCSI and iSCSI router
products, servers, and Storage Area Networks subsystems.
Requires M.S. in Computer Science or equivalent and 2 yrs of
experience in job offered or 2 yrs in s/w system testing,
automation, storage networks using iSCSI, Fibre-Channel, and
SCSI protocols. Mail resumes to Crossroads Systems, Inc., Job
Code: STE, 8300 North Mopac Expressway, Austin TX 78759. No
fax, email or phone.


Software Test Lead: May be assigned to various unanticipated
locations throughout US for short & long term assignments.
Req's: BS Eng. or BSCS & 3 yrs exp. in job offered or as s/w
Test Eng. Exp. to ind. testing of business-critical app's for
financial institutional customers & use of config. mngmnt
tools. Proficiency in using test automation & performance
testing tools such as Mercury Quick Test, WinRunner and
Loadrunner; Oracle PL/SQL & C++ or Java req'd. 40 hrs/week;
Job & interview site: Bridgewater, NJ. Send cover letter &
resume to: Job #CW-0405, RelQ Software, Inc., 250 Route 28,
Suite 208, Bridgewater, NJ 08807. No calls, pls.


Omnisoft, Inc.,

We are looking for the following position in any of the
skills.
Technical Services Managers/Data Processing Manager: Direct
daily operations of department, analyze workflow, establish
priorities. Develop computer information resources, provide
data security and control, strategic computing, and disaster
recovery. Knowledge in ERP packages using SAP, EDI, Workflow,
Business Connector, .NET, Business Objects, PeopleSoft,
PeopleTools programs using ASP, DB2, SQL/Oracle, UNIX/NT.
Req. M.S. in Comp. Science or Engg. & 1 yr of exp, or B.S. in
Comp. Science or Engg. +5 yrs of exp.

Send  resume  to:  HR  Manager, 
Omnisoft,  Inc.,  2215  W.  Russell 
Ave.  Sioux  Falls,  SD  57104  or 
via  e-mail  at: 

sreenivas@omnisoftinc.net 


IT Manager for NY Fragrance Co. Plan, direct, or coordinate
activities in such fields as electronic data processing,
information systems, systems analysis, and comp. programming.
Design, dvlpmnt & testing of bus. s/ware appli'ns. Apply w/ 2
copies of resume to HRD, New York Fragrances, Inc., 162 Port
Richmond Ave, Staten Island, NY 10302.
IT Careers offers you information on the most relevant
career  management  topics  relative  to  IT  recruitment. 
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ATTENTION: 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal/ immigration  advertisements? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Contact:  Danielle  Tetreault  at: 
800-762-  2977 

rr|careers 


Computer  Support  Specialist  w / 
MS  in  Comp  Sci/MIS  &  min  3  yrs 
exp  in  LAN/WAN  admin  w /  NT 
4  0  server,  WinProxy  6.0  server, 
SQL  server  &  MS  Windows 
server  platforms.  Respon¬ 
sibilities  inch  network  &  desktop 
support,  &  SQL  databases. 
Email  resume  to  Inter  Youth  Org, 
Newark,  NJ  at: 

HumanResounces@iyonewark.org. 


Top  1 0  reasons  why  you 
should  advertise  your 
recruitment  message 
with  IT  Careers. 

j;  IT  Careers  Audience  Skill  Ij 

Survey  2003/2004 

I  •  I  S/M  I  S/IT 

84%  j 

j  I  •  Windows  2000 

83%  i! 

I  •  TCP/IP 

83%  j 

||  •  Windows  95/98 

82%  | 

i  •  pc/s 

80%  ij 

j;  j  •  Unix  NET/ Linux 

75%  | 

f  1  •  Networking/Telecom 

74%  J 

1 1  •  Windows  NT 

73%  ;j 

||  •  Windows  XP 

69%  j| 

j  J  •  Intemct/Web  Dev./E-Com. 
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68%  !j 
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j  Your  direct  line 

|  of  communication 

I  to  qualified  IT 

j  Professionals 

|  with  the  most  in 

I  demand  IT  skills 

j!  it  careers 

|  Contact  us:  800-762-2977  j 
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Mgmt  Consultant,  Richard¬ 
son,  TX.  Conduct  organiza¬ 
tional  studies  &  analyze 
functional  specs  of  bus. 
case  docs,  prepare  master 
design  docs  &  procedures, 
modify  &  build  User  Inter¬ 
face  for  proj  specific  req, 
build  custom  components  & 
assist  mgmt  with  training  sys 
users  &  resolving  comp  s/w 
h/w  problems.  Req:  BSCS+ 
1  yr  exp.  Resumes  to:  M. 
Williams,  Viewlocity,  Inc, 
3475  Piedmont  Rd,  Ste 
1640,  Atlanta,  GA  30305. 


COMPUTER  ENGINEER.  Ana¬ 
lyze  software  and  hardware: 
establish  connection  to  the  inter¬ 
net;  support  of  internal  network; 
design  and  support  of  web  page; 
design  local  area  network,  man¬ 
aged  migration  between  net¬ 
ware  and  windows  NT;  oversee 
installation  of  hardware  and  soft¬ 
ware;  review  results  of  computer 
runs;  manage  real  estate  listing 
on  public  and  trade  sites.  Req. 
Bachelor's  Degree  or  Foreign 
Equivalent  in  Education  and 
work  experience.  Please  for¬ 
ward  resume  to:  Ginette  Orozco, 
PA  104  Crandon  Blvd.,  Ste 
#315,  Key  Biscayne,  FL  33149. 


Gallop  Technologies  seeks 
software  engg/DBA/System 
Analysts  working  in  Dallas  or 
various  sites.  Require  MS  or 
BS  with  related  experience. 
Skills  of  Mercury,  WinRunner, 
OLAP,  data  warehousing 
strong  plus.  Sponsor  H-lb  and 
green  card.  Send  resumes  to 
info@dwspecialsts.com.  EOE. 

IT  specialists,  business  analyst 
wanted  by  ARWANO,  Inc.  for 
positions  using  Oracle,  SQL, 
VB,  C/C++,  SAP,  AS/400, 
RPGLE,  COBOL/400,  CL, 
SQL/400,  Query/400,  Oracle 
RDBMS.  Minimum  is  MS  or  BS 
degree  with  IT  experience.  Tra¬ 
vel  maybe  required.  Apply  at 
waseem@arwano.com  EOE. 


COMPUTER  GAME  JOBS: 
Activision,  an  interactive 
entertainment  software  co., 
has  openings  for  Line  Pro¬ 
ducer,  Software  Engineer, 
and  Game  Programmer  in 
Madison,  Wl.  Send  resume 
to  Staffing  Coordinator, 
3100  Ocean  Park  Blvd., 
Santa  Monica,  CA  90405. 


Software  Eng  Mgr:  Manage 
design  &  development  of 
course  products,  supervise 
pre-release  testing;  design  & 
integration  of  product  fea¬ 
tures  &  technical  tools;  devel¬ 
op  &  simulate  new  algorithms 
based  on  knowledge  space 
theory;  supervise  software 
engineers.  2  yrs  exp  or  5  yrs 
as  a  software  eng.  MS  in  soft¬ 
ware  engineering/computer 
science.  F/T.  Send  resume: 
Aleks  Corp,  400  N.  Tustin 
Ave,  Ste  300,  Santa  Ana,  CA 
92705  Attn:  L.  Dodson. 


ValueMomentum  Inc.  a  software 
development  and  consulting 
company  is  looking  for  Software 
Engineers  having  Masters  De¬ 
gree  or  equivalent  with  a  mini¬ 
mum  of  two  years  of  experience 
in  information  technology  area. 
Applicants  will  be  responsible  for 
Requirement  Collection,  Re¬ 
quirement  Analysis,  Technical 
Architecture/Technical  Design, 
Development,  Review,  Coding, 
and  Testing  to  automate  pro¬ 
cessing  and  to  improve  existing 
computer  systems.  Develop 
application  architecture  and/or 
requirements  for  designing  us¬ 
ing  Rational  Rose,  ERWin  and 
other  tools.  Install,  configure  and 
tune  application  servers  and 
web  servers  like  Websphere  and 
Weblogic.  Configure  and  code 
using  Business  Rules  Engine 
like  Blaze,  and  ILOG.  Perform 
database  design  for  different 
databases  in  web  and  main¬ 
frame  applications  like  Oracle, 
DB2,  IDMS,  Sybase,  Access, 
and/or  IMS.  Undertake  J2EE, 
other  web  development  method¬ 
ologies,  and  mainframe  legacy 
environment.  Perform  code  re¬ 
view  using  tools  like  JUnit,  and 
JTest.  Design  automation  testing 
and  performance  testing  envi¬ 
ronment-using  tools  like  Mercury 
Winrunner  and  Load  runner. 
Work  on  multiple  operating  sys¬ 
tems  like  Unix  and  Windows 
NT/2000.  Good  understanding 
of  Financial  Services  Mortgage, 
Credit,  and/or  Insurance  do¬ 
main  or  in  combination  thereof. 
Will  provide  a  competitive  salary 
and  benefits.  Send  Resume  to 
Value  Momentum,  Inc.,  3001 
Hadley  Road,  Unit  8,  South 
Plainfield,  NJ  07080  or  email  to 
sri@vmomentum.com. 


SENIOR  SYSTEMS  ADMINIS¬ 
TRATOR  Responsible  for  ad¬ 
ministration,  support  and  main¬ 
tenance  of  corporate  Windows 
and  Unix  server  infrastructures, 
Microsoft  and  Linus  based  user 
workstations  and  the  IS  man¬ 
aged  segments  of  the  local  and 
wide  area  networks.  Respon¬ 
sible  for  systems  management, 
capacity  planning,  utilization 
scoping,  and  systems  planning 
and  implementation  for  both 
infrastructure  and  software  sys¬ 
tems  components.  Develop  sys¬ 
tems  specification  based  on 
user  and  business  needs,  make 
recommendations  for  system 
solutions,  participate  in  and  in 
some  cases  manage  the  imple¬ 
mentation  and  administrative 
support  of  hardware  and  soft¬ 
ware  systems.  Work  with  user 
community  at  all  levels  to  deploy 
and  support  systems  to  meet 
business  requirements.  Requir¬ 
ements:  Bachelor’s  degree  (or 
foreign  degree  equivalent)  in 
Computer  Science,  Information 
Science,  or  a  closely  related 
field,  with  five  years  of  experi¬ 
ence  in  the  job  offered  or  as 
Manager/Team  Lead  in  IT.  Prior 
experience  must  include  5  years 
of  SOLARIS  and  VERIATAS. 
Send  resume  to:  HR  Manager, 
ZANTAZ,  Inc.  5671  Gibraltar 
Drive,  Pleasanton,  CA  94588 
(No  Phone  Calls  Please). 


NETWORK  SYSTEMS 
ANALYST 

NetGain  Technologies  seeks  a 
Network  Systems  Analyst  in 
Lexington,  Kentucky.  Design, 
install  and  support  LAN/WAN 
network  configurations  and  in¬ 
ternet  systems.  Analyze  user 
requirements  and  problems. 
Monitor  and  maintain  network 
system  performance.  Plan  lay¬ 
out  of  new  computer  system  or 
modification  of  existing  system. 
Instruct  IT  specialists  of  cus¬ 
tomers  to  solve  and  prevent 
problems.  Bachelor's  degree  in 
Computer  Science  or  related 
field  is  required.  Competitive 
compensation  with  benefits. 
Submit  resume  with  complete 
references  to:  Judy  Palmer,  H.R. 
Director,  NetGain  Technologies, 
2031  Georgetown  Road,  Lexing¬ 
ton,  KY  40511. 
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Enterprise  Technology  Integration  Engineer 

Located  in  Tacoma,  Washington,  MultiCarc  is  recognized  as  one  of 
the  100  best  integrated  health  care  systems  in  America.  This  posi¬ 
tion  will  provide  technical  support  for  the  PACS  (Imaging)  system 
&  expertise  in  the  areas  of  systems  planning,  project  management, 
database  administration,  system  administration,  system  interfacing, 
system/data  security,  information  quality,  application  software  and 
clinical  and  business  administration.  BS  in  Computer  Science  pre¬ 
ferred,  5+  years  experience  in  enterprise  scale  Unix  administration 
(Solaris  preferred),  and  experience  w/  Shell  and  Perl  scripting. 
Experience  w/  PACS  (Imaging)  a  plus.  Previous  healthcare 
experience  preferred.  We  offer  competitive  salaries,  a  comprehensive 
benefit  package,  and  tuition  repayment. 

E-mail  resume  to  julie.wood@mulitieare.org 
or  apply  online  at  www.multicare.org 

Equal  Opportunity  Employer 


Project  Manager  (Orlando 
FL).  Expanding  hospitality 
and  business  management 
company  seeks  software  pro¬ 
fessional  to  plan,  manage 
and  maintain  various  Interne: 
and  business  system  projects 
through  project  life  cycle 
Prior  project  and  resource 
management  experience  uti¬ 
lizing  web/Internet  technolo¬ 
gies  helpful.  Competitive 
salary.  Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  3281.  Attn:  Sofia 
Barnes 

Software  Engineer  (Orlando, 
FL).  Technology  company 
seeks  software  professionals 
to  develop,  and  manage  net¬ 
works  and  systems  by  utiliz¬ 
ing  knowledge  of  Java, 
JavaScript,  C,  C++,  PASCAL, 
HTML,  CISCO  7204,  Real 
Media  Technology  and  DNS 
Server.  Extensive  Knowledge 
in  ColdFusion,  SQL  Server 
2000,  Netscreen  Firewalls, 
and  BIG-IP  Loadbalancers 
preferred.  Competitive  salary. 
Mail  resume  to  Avista 
Management  Inc.,  5353 
Conroy  Road,  Suite  200, 
Orlando,  FL  32811.  Attn:  Sofia 
Barnes 

ValueMomentum  Inc.  a  software 
development  and  consulting 
company  is  looking  for  Project 
Managers  having  Masters  De¬ 
gree  or  equivalent  with  a  mini¬ 
mum  of  three  years  of  experi¬ 
ence  in  information  technology 
area.  Manages  multiple  projects. 
Manage,  execute  and  deliver 
projects,  including  analysis  of 
user  requirements,  design,  de¬ 
velopment  and  testing  to  auto¬ 
mate  processing  and  to  improve 
existing  computer  systems.  Ex¬ 
ecute  projects  using  both  Water¬ 
fall  and  RUP  models  in  distrib¬ 
uted  environment.  Work  in  multi¬ 
ple  technologies  that  includes 
Mainframe  and  Open  systems. 
Design  and  architect  new  com¬ 
puter  systems  and  solutions 
using  Rational  Rose.  Erwin,  and 
Power  Designer.  Manage  pro¬ 
jects  in  COBOL,  Natural/Adab- 
as,  Java,  J2EE,  Dot  Net,  DB2, 
Oracle,  and  Sybase.  Oversee 
installation,  configuration  and 
tuning  application  servers  and 
web  servers  like  IIS,  Websphere 
and  Weblogic.  Work  on  multiple 
operating  systems  such  as  Unix 
and  Windows  NT/2000  environ¬ 
ment.  Good  understanding  of  Fi¬ 
nancial  Services  and  Insurance 
domain.  Will  provide  a  competi¬ 
tive  salary  and  benefits.  Send 
Resume  to  Value  Momentum, 
Inc.,  3001  Hadley  Road,  Unit  8, 
South  Plainfield,  NJ  07080  or 
email  to  sri@vmomentum.com. 

Software  Engineers:  Software 
development  activities.  Min.  BS 
CS/EE/CE/Math  or  foreign  deg. 
equiv.  Background  to  include:  a 
minimum  of  three  of  the  follow¬ 
ing  skills  sets:  machine  learning, 
image  processing,  data  mining, 
algorithm  design,  distributed 
systems,  database  design  using 
SQL/MySQL:  object  oriented 
design/programming.  Job  Sites: 
Mt.  View,  CA,  Santa  Monica, 
CA,  Kirkland,  WA,  NY,  NY. 
Interested  candidates  send 
resume  to:  BS1  (J),  K.  Wolfe, 
1600  Amphitheatre;  Mt,  View, 
CA  94043  (www.aooale.comT 

Enaineer 

Nuntius  Systems,  Inc.  is 
looking  for  a  Senior  Soft¬ 
ware  Engineer  -  Network¬ 
ing  and  Connectivity. 
Travel  required.  Please 
mail  resumes  to  Nuntius 
Systems,  Inc.,  Job  code: 
CWLC,  13700  Alton  Park¬ 
way,  Suite  #154-266, 
Irvine,  CA  92618.  No 
phone  calls  or  emails 
please. 

Software  Engineers:  Software 
development  activities.  Min.  MS 
CS/EE/CE/Math  or  foreign  deg. 
equiv.  Background  to  include:  a 
minimum  of  three  of  the  follow¬ 
ing  skills  sets:  machine  learning, 
image  processing,  data  mining, 
algorithm  design,  distributed 
systems,  database  design  using 
SQL/MySQL;  object  oriented 
design/programming.  Job  Sites: 
Mt  View,  CA.  Santa  Monica, 
CA.  Kirkland.  WA,  NY,  NY 
Interested  candidates  send 
resume  to:  MS1(J),  K.  Wolfe, 
1600  Amphitheatre;  Mt.  View, 

Software  Engineers:  Lead  soft¬ 
ware  development  activities. 
Min.  PhD  CS/EE/CE/Math  or 
foreign  deg.  equiv  Background 
to  include:  a  minimum  of  three  of 
the  following  skills  sets:  machine 
learning,  image  processing,  data 
mining,  algorithm  design,  distrib¬ 
uted  systems,  database  design 
using  SQL/MySQL;  object  ori¬ 
ented  design/programming  Job 
Sites:  Mt.  View,  CA.  Santa 
Monica,  CA,  Kirkland.  WA,  NY. 
NY.  Interested  candidates  send 
resume  to:  PHD1(J),  K.  Wolfe, 
1600  Amphitheatre,  Mt.  View, 
CA  94043  (www.ggogle.com). 
Outsourcing

nology officer at First Horizon Bank in Memphis. “This is going to be a problem for us as an industry and as a company over time, because a lot of innovation comes from them.”

Ruckh was among a group of executives speaking on governing IT outsourcing processes at the American Bankers Association’s Bank Outsourcing Forum here last week. He said First Horizon has turned to Fidelity Information Services Inc. to centralize its IT systems management.

Consolidation Benefits

Ruckh said First Horizon is in the process of expanding a 2-year-old outsourcing pact with Jacksonville, Fla.-based Fidelity Information Services that has centralized management of the bank’s core IT systems. With Fidelity, he said, his company has gained better overall IT project results for less money and more consistent delivery on service-level agreements.

First Horizon consolidated many of its other vendor outsourcing agreements into a more centralized one with Fidelity, according to Ruckh. The bank’s IT budget is about $120 million, and “a good portion of that is with Fidelity,” said Ruckh, who wouldn’t disclose the value of the deal.

Landy Dutton, director of operational risk management at Regions Financial Corp. in Birmingham, Ala., said the federal Gramm-Leach-Bliley Act, which requires financial institutions to ensure customer privacy, prompted her company to centralize control of outsourcing to reduce risk.

Through its consolidation effort, Regions has reduced the number of its service contracts from 500 to 30 over the past several years, Dutton said.

The financial services firm created a single outsourcing information database and central vendor management program that has outsourcing managers report to top-level executives and includes risk assessments of all outsourcing vendors.

By centralizing management and contract information, the company can better keep track of its outsourcing efforts, Dutton said. “When you manage outsourcing in the business units, you never know how many contracts you have,” she said.

In contrast to those who favor larger, more centralized outsourcing contracts, Louis Rosenthal, an executive vice president in charge of IT for the North American operation of ABN Amro Bank NV, prefers multivendor deals because they let him use best-in-class providers of any size.

Over the past 10 months, Rosenthal has been evaluating vendor proposals to run the majority of Amro IT operations in 60 countries. Rosenthal expects the effort to save his IT operations $800 million annually. QuickLink 53666


Checklist

Research the following before selecting an outsourcing vendor:

■ Financial stability
■ Information security program and policies
■ Application/systems security
■ Vendor relationships
■ Insurance considerations
■ Offshore and cross-border issues
■ Contingency planning and disaster recovery plans
■ Physical security
■ Hiring practices and employment policies

SOURCE: REGIONS FINANCIAL CORP.


Banks Merging Business, IT Offices

MEMPHIS

BANKING CIOs are increasingly moving IT employees into offices with business personnel, making them share the responsibility - and rewards - for building and implementing IT projects.

Speaking at the American Bankers Association’s Bank Outsourcing Forum here last week, Tom Meiman, strategic migration manager at Wachovia Corp. in Charlotte, N.C., said it’s important for technologists and business personnel to work together. “You need to be in the room talking about engineering, because the convergence process really does require a new way of thinking about things,” he said.

The $28 billion bank is in the middle of an engineering project to converge several electronic image and data-transfer networks in conjunction with the federal Check Clearing for the 21st Century Act, or Check 21, which allows banks to use check images instead of physical items for clearing and settlement.

John Dick, CIO at Regions Financial Corp., a $4.6 billion bank based in Birmingham, Ala., has been training his IT employees about the banking business to help them better understand the other side of the house. Dick said he doubled his IT training budget between 2003 and 2004 and is tripling it this year as a retention tool for his 1,000-plus IT employees.

“IT professionals are highly motivated by training,” he said. “I think [the business courses] will have a longer-term impact in how we work with the business side.” He expects to gradually provide IT workers with more business responsibility “as we get the architecture and standards more formalized and the governance established around this model.”

Dick also took an unusual step by hiring a communications specialist to help his organization make the rest of the company aware of IT’s contributions to the business.

Over the past four months, Joe Gottron, CIO at Huntington Bancshares Inc., said he physically moved IT and business personnel working on CRM and ERP projects to a combined office two miles from the firm’s Columbus, Ohio, headquarters. The group had previously been separated by two floors in the headquarters building.

Gottron also created a new program management office, assigning a single manager for both business and IT personnel assigned to an IT project. “You talk about taking it to the next level. It’s not just about doing educational stuff, but actually making them one team,” he said. “It’s vastly improved the results.”

“It’s not just about doing educational stuff, but actually making [business and IT] one team.”
JOE GOTTRON, CIO, HUNTINGTON BANCSHARES INC.

- Lucas Mearian


SAS 70 Standard Helps Bankers Evaluate Outsourcers

MEMPHIS

CORPORATE IT organizations are increasingly turning to the SAS 70 auditing standard to ensure that outsourcers comply with various government IT regulations.

SAS 70, or the Statement on Auditing Standards No. 70, was developed by the New York-based American Institute of Certified Public Accountants. It can be used to ensure internal compliance and that vendors abide by the rules, executives said.

Chicago-based Northern Trust Corp. uses the SAS 70 format to evaluate whether large outsourcing vendors are compliant with various government regulations, such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, said Katy Hurst, global disaster recovery director at the bank.

Northern Trust has beefed up its effort to scrutinize current and potential outsourcing partners because regulators have made it clear that “outsourcing relationships are subject to the same risk management practices” as those used in-house, Hurst said at the American Bankers Association’s Bank Outsourcing Forum here last week.

First Horizon Bank also spends “considerable time” performing internal audits and using the SAS 70 certification standard to ensure that the IT operations of its outsourcers are compliant with privacy laws, said Patrick Ruckh, First Horizon’s chief technology officer.

William Henley, an examination specialist at the Federal Deposit Insurance Corp., urged the banking executives to go beyond using SAS 70 as a checklist for outsourcers and called on IT units to undertake their own vigorous due-diligence processes.

- Lucas Mearian
Keep RFID Simple

The state of Texas is thinking about replacing vehicle inspection stickers with RFID tags [QuickLink 53621]. The state likes the idea because it would enable drive-by enforcement of insurance requirements. Privacy partisans don’t, because it could expose car owners’ personal information to anyone who scans their vehicles with an RFID reader.

Sounds like a tough problem of functionality vs. privacy, doesn’t it? But why? There’s no compelling reason any personal information should be stored on those RFID tags — or on any RFID tags. So why is everyone’s default assumption that it will be?

Here, look: How many different ways could Texas implement vehicle inspection RFID tags? One way is to use low-powered tags that can be read only up close. But that doesn’t require RFID. There’s already an identifying tag that police routinely use for checking vehicle information. It’s called a license plate.

Besides, Texas wants to scan cars on the fly. That requires high-frequency RFID tags that can respond quickly and at a distance. Those tags also typically can hold lots of data. So a vehicle inspection RFID tag could contain as much as a megabyte of information about a vehicle — or as little as a license plate number.

Which makes more sense? Cramming lots of vehicle data onto an RFID tag means a police officer could read it directly with a scanner.

But what cop could read data on 100 cars per minute roaring past? Besides, any embedded insurance information could be outdated the day after the tag was stuck on the vehicle.

And that data would be exposed to anyone else with an RFID scanner. The data could be encrypted, but that means the scanner would have to be attached to a computer to decrypt it. Or the RFID equipment could be nonstandard — but hackers are pretty good at matching any customized gear.

On the other hand, if an RFID tag responds with just a license plate number, that can be checked against an up-to-date back-end database without human intervention. And the only information exposed by the RFID tag is already displayed on the vehicle’s bumper.

See? It makes no sense to overload those Texas tags. Putting the smarts in the database and keeping the tags simple makes the system more reliable, secure and effective — and minimizes privacy issues, too.

So why does this look like such a hard problem at first glance? Because if an RFID tag has space for lots of data, some people will automatically feel an urge to fill it up.

We need to resist that urge. Not just for vehicle tags in Texas, but for all the other RFID applications we’ll be implementing soon.

Some of those RFID jobs will be forced on us, such as Wal-Mart’s supply chain mandate. But others we’ll come up with ourselves. We’ll try sticking RFID tags on shipping cartons, employee ID badges, forklifts, hard-copy documents, desk chairs, mail carts, computer monitors — anything we need to track or identify or inventory or locate.

What we’d really like is a clear set of RFID best practices. But in the meantime, we’ll just have to remind ourselves to keep the tags as simple as possible and keep the data on them to a minimum. If we must include data, it should be encrypted — but less data is better.

We’ll probably have to hold the line on that rule with non-IT managers and executives too, especially if they’ve heard RFID sales pitches bragging about how much data a tag can hold.

And to other business-side people, we’ll probably have to explain how we’re protecting their sensitive information, especially if they’ve heard about RFID risks and expect the worst.

But we can do that. In fact, we’d better, if we want to deliver the advantages of RFID technology for our users with a maximum of benefit and a minimum of risk.

Because if we don’t, those little RFID tags will bring us some Texas-size problems after all.

QuickLink 53638

Frank Hayes, Computerworld's senior news columnist, has covered IT for more than 20 years. Contact him at frank.hayes@computerworld.com.



Unintended Consequences

Nightly software update fails at this data center, and it creates a major mess the next morning. But somehow no one notifies the CIO, who first hears about it in a meeting with users. He’s furious and announces that heads will roll - and from now on, he must be the first to know should anything like this happen. “Two weeks later, same thing occurs,” says a pilot fish there. “CIO gets the call at 1 a.m., and the call tree happens in reverse. This caught my eye in the CIO’s report to the director’s office: ‘Due to loss of personnel because of cutbacks, I have begun to receive calls in the middle of the night from operations.’ ”

Oops!

Support tech returns from lunch and notices he now inexplicably has lots of printers configured on his PC. “He quickly started deleting the printer connections,” reports a pilot fish in the know. “With half the printers deleted, calls started coming in from the users, and the light came on. Before lunch, he had been logged onto the print server. He wasn’t deleting the mapped printers from his workstation, but the print queues directly from the print server!” Fortunately, sysadmins were able to restore all the queues.

Tighter, Not More Secure

Pilot fish returns from leave of absence to find a new, tighter security policy: She’ll no longer know the administrative passwords for members of the executive committee. “Two weeks later, an executive committee member calls me with a virus problem,” fish says. “Since I can no longer access this person’s computer using our global admin password, I go down to the server and reset the user’s password. So much for the newer, tightened security.”

Close, but Not Close Enough

User’s laptop won’t power up, so she unplugs everything from the back, lets it sit for a day and then reconnects everything. Now it works fine except that she can’t print. IT pilot fish spots the problem right away: “She somehow managed to plug the USB cable from the printer into the network port on the laptop,” he sighs. “I wouldn’t have thought it would fit. But sure enough - it fits snugly, but it fits.”

Let’s Just Step Back and Relax, Shall We?

User pilot fish sits next to police department’s IT help desk and overhears a call: “Help Desk, may I help you? . . . Can you open that program? . . . Are you getting an error? . . . Could you e-mail me a screenshot of the error? . . . No, you don’t need your gun.”

SHOOT SHARKY YOUR STORY. Send me your true tale of IT life at sharky@computerworld.com. You’ll score a stylish Shark shirt if I use it. And check out the daily feed, browse the Sharkives and sign up for Shark Tank home delivery at computerworld.com/sharky.

